What is CVE-2020-10134?

CVE-2020-10134 is a medium-severity vulnerability in Bluetooth Le, classified under CWE-351. CVSS score: 6.3/10. Published 2020-05-19.

How severe is CVE-2020-10134?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2020-10134 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Bluetooth Le

CVE-2020-10134

Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device an…

EPSS: 0.001 (31.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N.

Affected products

Bluetooth Le — versions 5.2

Weakness classification (CWE)

CWE-351

Public proof-of-concept exploits

References

VU#534195 (third-party-advisory, x_refsource_CERT-VN)
www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security… (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-10134?: CVE-2020-10134 is a medium-severity vulnerability in Bluetooth Le, classified under CWE-351. CVSS score: 6.3/10. Published 2020-05-19.
How severe is CVE-2020-10134?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2020-10134 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.