OpenCVE

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bluetooth	Bluetooth Core Specification

Configuration 1 [-]

cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://dl.acm.org/doi/10.1145/3548606.3559372
https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-08T00:00:00

Updated: 2024-08-04T17:02:08.006Z

Reserved: 2020-12-16T00:00:00

Link: CVE-2020-35473

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-08T06:15:09.403

Modified: 2024-11-21T05:27:21.667

Link: CVE-2020-35473

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*", "matchCriteriaId": "313E8F2B-729D-4037-A7D1-BEB2234EFB85", "versionEndIncluding": "5.2", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel."}, {"lang": "es", "value": "Se puede utilizar una vulnerabilidad de fuga de informaci\u00f3n en la respuesta de escaneo de publicidad de Bluetooth Low Energy en las Especificaciones principales de Bluetooth 4.0 a 5.2, y la respuesta de escaneo extendida en las Especificaciones principales de Bluetooth 5.0 a 5.2, para identificar dispositivos que usan Resolvable Private Addressing (RPA) por su respuesta o no-respuesta a solicitudes de escaneo espec\u00edficas desde direcciones remotas. Los RPA que se han asociado con un dispositivo remoto espec\u00edfico tambi\u00e9n se pueden usar para identificar a un par de la misma manera mediante su reacci\u00f3n a una solicitud de escaneo activo. A esto tambi\u00e9n se le ha denominado canal lateral basado en listas permitidas."}], "id": "CVE-2020-35473", "lastModified": "2024-11-21T05:27:21.667", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-08T06:15:09.403", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://dl.acm.org/doi/10.1145/3548606.3559372"}, {"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://dl.acm.org/doi/10.1145/3548606.3559372"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}, {"lang": "en", "value": "CWE-294"}], "source": "nvd@nist.gov", "type": "Primary"}]}