What is CVE-2020-10135?

CVE-2020-10135 is a medium-severity vulnerability in Bluetooth Br/edr, classified under CWE-757. CVSS score: 5.4/10. Published 2020-05-19.

How severe is CVE-2020-10135?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Is CVE-2020-10135 known to be exploited?

17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Bluetooth Br/edr

CVE-2020-10135

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthent…

EPSS: 0.202 (95.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Bluetooth Br/edr — versions 5.2

Weakness classification (CWE)

CWE-757

Public proof-of-concept exploits

References

VU#647177 (third-party-advisory, x_refsource_CERT-VN)
20200602 BIAS (Bluetooth Impersonation Attack) CVE 2020-10135 reproduction (mailing-list, x_refsource_FULLDISC)
openSUSE-SU-2020:1153 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1236 (vendor-advisory, x_refsource_SUSE)
francozappa.github.io/about-bias/ (x_refsource_MISC)
www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security… (x_refsource_CONFIRM)
packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-10135?: CVE-2020-10135 is a medium-severity vulnerability in Bluetooth Br/edr, classified under CWE-757. CVSS score: 5.4/10. Published 2020-05-19.
How severe is CVE-2020-10135?: Medium severity. CVSS v3 base score is 5.4 out of 10.
Is CVE-2020-10135 known to be exploited?: 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.