Vulnerabilities > CVE-2020-26555 - Incorrect Authorization vulnerability in multiple products

CVSS 5.4 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

low complexity

NVD

Published: 2021-05-24

Updated: 2023-11-07

Summary

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

Vulnerable Configurations

Part	Description	Count
Application	Bluetooth Bluetooth Bluetooth Core Specification 1.1B Bluetooth Bluetooth Core Specification 1.2 Bluetooth Bluetooth Core Specification 2.0 Bluetooth Bluetooth Core Specification 2.1 Bluetooth Bluetooth Core Specification 3.0 Bluetooth Bluetooth Core Specification 4.0 Bluetooth Bluetooth Core Specification 4.1 Bluetooth Bluetooth Core Specification 4.2 Bluetooth Bluetooth Core Specification 5.0 Bluetooth Bluetooth Core Specification 5.1 Bluetooth Bluetooth Core Specification 5.2	11
OS	Fedoraproject Fedoraproject Fedora 34	1
OS	Intel Intel Ax210 Firmware - Intel Ax201 Firmware - Intel Ax200 Firmware - Intel AC 9560 Firmware - Intel AC 9462 Firmware - Intel AC 9461 Firmware - Intel AC 9260 Firmware - Intel AC 8265 Firmware - Intel AC 8260 Firmware - Intel AC 3168 Firmware - Intel AC 7265 Firmware - Intel AC 3165 Firmware - Intel Killer WI FI 6E Ax1675 Firmware - Intel Killer WI FI 6 Ax1650 Firmware - Intel Killer AC 1550 Firmware -	15
Hardware	Intel Intel Ax210 - Intel Ax201 - Intel Ax200 - Intel AC 9560 - Intel AC 9462 - Intel AC 9461 - Intel AC 9260 - Intel AC 8265 - Intel AC 8260 - Intel AC 3168 - Intel AC 7265 - Intel AC 3165 - Intel Killer WI FI 6E Ax1675 - Intel Killer WI FI 6 Ax1650 - Intel Killer AC 1550 -	15

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References