cve-2020-35473
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-04 17:02
Severity ?
Summary
An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.
References
cve@mitre.orghttps://dl.acm.org/doi/10.1145/3548606.3559372Technical Description, Third Party Advisory
cve@mitre.orghttps://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.htmlTechnical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://dl.acm.org/doi/10.1145/3548606.3559372Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.htmlTechnical Description, Third Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.006Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://dl.acm.org/doi/10.1145/3548606.3559372"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-08T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://dl.acm.org/doi/10.1145/3548606.3559372"
        },
        {
          "url": "https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35473",
    "datePublished": "2022-11-08T00:00:00",
    "dateReserved": "2020-12-16T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.006Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndIncluding\": \"5.2\", \"matchCriteriaId\": \"313E8F2B-729D-4037-A7D1-BEB2234EFB85\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.\"}, {\"lang\": \"es\", \"value\": \"Se puede utilizar una vulnerabilidad de fuga de informaci\\u00f3n en la respuesta de escaneo de publicidad de Bluetooth Low Energy en las Especificaciones principales de Bluetooth 4.0 a 5.2, y la respuesta de escaneo extendida en las Especificaciones principales de Bluetooth 5.0 a 5.2, para identificar dispositivos que usan Resolvable Private Addressing (RPA) por su respuesta o no-respuesta a solicitudes de escaneo espec\\u00edficas desde direcciones remotas. Los RPA que se han asociado con un dispositivo remoto espec\\u00edfico tambi\\u00e9n se pueden usar para identificar a un par de la misma manera mediante su reacci\\u00f3n a una solicitud de escaneo activo. A esto tambi\\u00e9n se le ha denominado canal lateral basado en listas permitidas.\"}]",
      "id": "CVE-2020-35473",
      "lastModified": "2024-11-21T05:27:21.667",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
      "published": "2022-11-08T06:15:09.403",
      "references": "[{\"url\": \"https://dl.acm.org/doi/10.1145/3548606.3559372\", \"source\": \"cve@mitre.org\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://dl.acm.org/doi/10.1145/3548606.3559372\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}, {\"lang\": \"en\", \"value\": \"CWE-294\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-35473\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-11-08T06:15:09.403\",\"lastModified\":\"2024-11-21T05:27:21.667\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.\"},{\"lang\":\"es\",\"value\":\"Se puede utilizar una vulnerabilidad de fuga de informaci\u00f3n en la respuesta de escaneo de publicidad de Bluetooth Low Energy en las Especificaciones principales de Bluetooth 4.0 a 5.2, y la respuesta de escaneo extendida en las Especificaciones principales de Bluetooth 5.0 a 5.2, para identificar dispositivos que usan Resolvable Private Addressing (RPA) por su respuesta o no-respuesta a solicitudes de escaneo espec\u00edficas desde direcciones remotas. Los RPA que se han asociado con un dispositivo remoto espec\u00edfico tambi\u00e9n se pueden usar para identificar a un par de la misma manera mediante su reacci\u00f3n a una solicitud de escaneo activo. A esto tambi\u00e9n se le ha denominado canal lateral basado en listas permitidas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"},{\"lang\":\"en\",\"value\":\"CWE-294\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndIncluding\":\"5.2\",\"matchCriteriaId\":\"313E8F2B-729D-4037-A7D1-BEB2234EFB85\"}]}]}],\"references\":[{\"url\":\"https://dl.acm.org/doi/10.1145/3548606.3559372\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://dl.acm.org/doi/10.1145/3548606.3559372\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.