VDB

CVE-2020-15802

CVE-2020-15802 PUBLISHED

Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.

EPSS 55.80% · 98.1th percentile

Risk Scores

EPSS Score
55.80%
98.1th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:16.04:LTSlinux-hwe4.15.0-54.58~16.04.1, 4.15.0-194.205~16.04.1, 4.15.0-193.204~16.04.1
Ubuntu:Pro:16.04:LTSlinux-oracle*, *, *
Ubuntu:Pro:20.04:LTSlinux-iot5.4.0-1011.13, 5.4.0-1030.31, 5.4.0-1023.24
Ubuntu:22.04:LTSlinux-ibm5.15.0-1071.74, 5.15.0-1018.21, 5.15.0-1031.34
Ubuntu:Pro:20.04:LTSlinux-ibm-5.155.15.0-1078.81~20.04.1, 5.15.0-1074.77~20.04.1, 5.15.0-1069.72~20.04.1
Ubuntu:22.04:LTSlinux-oem-6.06.0.0-1020.20, 6.0.0-1010.10, 6.0.0-1014.14
Ubuntu:20.04:LTSlinux-gkeop-5.155.15.0-1036.42~20.04.1, *, 0
Ubuntu:Pro:20.04:LTSlinux-ibm5.4.0-1095.100, 5.4.0-1094.99, 5.4.0-1093.98
Ubuntu:Pro:18.04:LTSlinux-hwe-5.45.4.0-214.234~18.04.1, *, *
Ubuntu:Pro:FIPS-preview:22.04:LTSlinux-gcp-fips*, 0
Ubuntu:24.04:LTSlinux-gcp-6.116.11.0-1017.17~24.04.1, *, 0
Ubuntu:22.04:LTSlinux-azure-6.2*, *, 6.2.0-1005.5~22.04.1
Ubuntu:Pro:FIPS-updates:20.04:LTSlinux-gcp-fips*, *, 5.4.0-1105.114+fips1
Ubuntu:20.04:LTSlinux-azure-5.85.8.0-1040.43~20.04.1, 5.8.0-1039.42~20.04.1, 5.8.0-1036.38~20.04.1
Ubuntu:22.04:LTSlinux-gke5.15.0-1006.7, 5.15.0-1071.77, 5.15.0-1063.69
Ubuntu:18.04:LTSlinux-hwe-edge5.3.0-23.25~18.04.1, 5.3.0-24.26~18.04.2, *
Ubuntu:24.04:LTSlinux-oracle-6.140, 6.14.0-1012.12~24.04.1, 6.14.0-1009.9~24.04.1
Ubuntu:22.04:LTSlinux-allwinner-5.190, 5.19.0-1011.11~22.04.1, 5.19.0-1012.12~22.04.1
Ubuntu:Pro:20.04:LTSlinux-hwe-5.155.15.0-134.145~20.04.1, 5.15.0-117.127~20.04.1, 5.15.0-87.97~20.04.1
Ubuntu:24.04:LTSlinux-azure-nvidia6.8.0-1019.20, 6.8.0-1018.19, 6.8.0-1016.17

…and 219 more

Exploit Intelligence

…and 9 more exploits

Timeline

  • Sep 11, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 13, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›