CVE-2020-15802
PUBLISHED
Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.
EPSS 55.80% · 98.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | linux-hwe | 4.15.0-54.58~16.04.1, 4.15.0-194.205~16.04.1, 4.15.0-193.204~16.04.1 |
| Ubuntu:Pro:16.04:LTS | linux-oracle | *, *, * |
| Ubuntu:Pro:20.04:LTS | linux-iot | 5.4.0-1011.13, 5.4.0-1030.31, 5.4.0-1023.24 |
| Ubuntu:22.04:LTS | linux-ibm | 5.15.0-1071.74, 5.15.0-1018.21, 5.15.0-1031.34 |
| Ubuntu:Pro:20.04:LTS | linux-ibm-5.15 | 5.15.0-1078.81~20.04.1, 5.15.0-1074.77~20.04.1, 5.15.0-1069.72~20.04.1 |
| Ubuntu:22.04:LTS | linux-oem-6.0 | 6.0.0-1020.20, 6.0.0-1010.10, 6.0.0-1014.14 |
| Ubuntu:20.04:LTS | linux-gkeop-5.15 | 5.15.0-1036.42~20.04.1, *, 0 |
| Ubuntu:Pro:20.04:LTS | linux-ibm | 5.4.0-1095.100, 5.4.0-1094.99, 5.4.0-1093.98 |
| Ubuntu:Pro:18.04:LTS | linux-hwe-5.4 | 5.4.0-214.234~18.04.1, *, * |
| Ubuntu:Pro:FIPS-preview:22.04:LTS | linux-gcp-fips | *, 0 |
| Ubuntu:24.04:LTS | linux-gcp-6.11 | 6.11.0-1017.17~24.04.1, *, 0 |
| Ubuntu:22.04:LTS | linux-azure-6.2 | *, *, 6.2.0-1005.5~22.04.1 |
| Ubuntu:Pro:FIPS-updates:20.04:LTS | linux-gcp-fips | *, *, 5.4.0-1105.114+fips1 |
| Ubuntu:20.04:LTS | linux-azure-5.8 | 5.8.0-1040.43~20.04.1, 5.8.0-1039.42~20.04.1, 5.8.0-1036.38~20.04.1 |
| Ubuntu:22.04:LTS | linux-gke | 5.15.0-1006.7, 5.15.0-1071.77, 5.15.0-1063.69 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 5.3.0-23.25~18.04.1, 5.3.0-24.26~18.04.2, * |
| Ubuntu:24.04:LTS | linux-oracle-6.14 | 0, 6.14.0-1012.12~24.04.1, 6.14.0-1009.9~24.04.1 |
| Ubuntu:22.04:LTS | linux-allwinner-5.19 | 0, 5.19.0-1011.11~22.04.1, 5.19.0-1012.12~22.04.1 |
| Ubuntu:Pro:20.04:LTS | linux-hwe-5.15 | 5.15.0-134.145~20.04.1, 5.15.0-117.127~20.04.1, 5.15.0-87.97~20.04.1 |
| Ubuntu:24.04:LTS | linux-azure-nvidia | 6.8.0-1019.20, 6.8.0-1018.19, 6.8.0-1016.17 |
…and 219 more
Exploit Intelligence
- BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy [CVE-2020-15802] [CVE-2022-20361] (github-poc-repo)
- BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy [CVE-2020-15802] [CVE-2022-20361] (github-poc)
…and 9 more exploits
Timeline
- Sep 11, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-15802 third-party-advisory
- https://www.kb.cert.org/vuls/id/589825/ third-party-advisory
- https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709 third-party-advisory
- https://www.kb.cert.org/vuls/id/589825 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-15802 third-party-advisory