VDB
CVE-2020-10370
CVE-2020-10370
PUBLISHED
Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a "Spectra" attack.
EPSS 0.10% · 27.6th percentile
Risk Scores
EPSS Score
0.10%
27.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | linux-firmware-raspi2 | 0, 1.20161020-0ubuntu1, 1.20180919-0ubuntu0.18.04.2 |
Exploit Intelligence
- CIRCL seen: CVE-2020-10370 (circl-sighting)
- https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo/jiska_classen/index.en.jsp (circl)
- https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a (circl)
- https://security-tracker.debian.org/tracker/CVE-2020-10370 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=2052676 (circl)
- https://www.informatik.tu-darmstadt.de/fb20/aktuelles_fb20/fb20_neuigkeiten/neuigkeiten_fb20_details_203136.de.jsp (circl)
Timeline
- Nov 10, 2024 CVE Published
- Nov 10, 2024 PoC Published
- Nov 11, 2024 EPSS Score
- Nov 29, 2024 EPSS Score
- Dec 18, 2024 EPSS Score
- Jan 4, 2025 EPSS Score
- Jan 22, 2025 EPSS Score
- Jan 27, 2025 CVE Updated
- Feb 9, 2025 EPSS Score
- Feb 27, 2025 EPSS Score
- Mar 16, 2025 EPSS Score
- Apr 3, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-10370 third-party-advisory
- https://access.redhat.com/security/cve/CVE-2020-10370 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-10370 third-party-advisory