Vulnerabilities > Bluetooth > Bluetooth Core Specification

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2023-24023 Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
high complexity
bluetooth microsoft
6.8
2023-06-02 CVE-2022-24695 Unspecified vulnerability in Bluetooth Core Specification
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode.
low complexity
bluetooth
4.3
2022-12-12 CVE-2022-25836 Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator.
high complexity
bluetooth CWE-294
7.5
2022-12-12 CVE-2022-25837 Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification
Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code.
high complexity
bluetooth CWE-294
7.5
2022-11-08 CVE-2020-35473 Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification
An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses.
low complexity
bluetooth CWE-294
4.3
2021-06-25 CVE-2021-31615 Race Condition vulnerability in Bluetooth Core Specification
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link.
2.9
2021-05-24 CVE-2020-26555 Incorrect Authorization vulnerability in multiple products
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
5.4
2021-05-24 CVE-2020-26556 Improper Restriction of Excessive Authentication Attempts vulnerability in Bluetooth Core Specification and Mesh Profile
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.
2.9
2021-05-24 CVE-2020-26558 Improper Authentication vulnerability in multiple products
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session.
4.2
2020-09-11 CVE-2020-15802 Improper Authentication vulnerability in Bluetooth Core Specification
Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth.
network
high complexity
bluetooth CWE-287
5.9