CVE-2020-10135: Bluetooth devices supporting BR/EDR v5.2 and earlier are vulnerable to impersonation attacks

Published Jul 22, 2019
·
Updated

A vulnerability affecting Bluetooth BR/EDR pairing was found in the Bluetooth Core specification versions 1.0 through 5.2. The flaw could allow an attacking device to spoof the address of a previously paired remote device to successfully complete the authentication procedure with some paired/bonded devices while not possessing the link key. This can permit an attacker to initiate the Bluetooth Key Negotiation attack (KNOB) on encryption key strength without intervening in an ongoing pairing procedure through an injection attack.

Other sources

Bluetooth. An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.

Launchpad

Credit

Daniele Antonioli(SUTD), Singapore, Dr. Nils Ole Tippenhauer(CISPA), Germany, Pr(University of Oxford), England

Affected Software

9 affected componentsFixes available
Apple tvOS<12.4
12.4
Apple macOS Mojave<10.14.6
10.14.6
Apple High Sierra
Apple Sierra
Apple WatchOS<5.3
5.3
Bluetooth Bluetooth Core<=5.2
Bluetooth Bluetooth Core<=5.2
openSUSE Leap=15.1
Apple iOS<12.4
12.4

Remediation

Patch Available

https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Patch Available

https://git.kernel.org/linus/3ca44c16b0dcc764b641ee4ac226909f5c421aa3

Patch Available

https://git.kernel.org/linus/8746f135bb01872ff412d408ea1aa9ebd328c1f5

Event History

May 6, 2020
Data Sourced
via Red Hat·04:31 PM
DescriptionSeverityAffected Software
May 19, 2020
CVE Published
via MITRE·03:50 PM
Data Sourced
via MITRE·03:50 PM
DescriptionSeverityWeakness
Jan 11, 2024
Data Sourced
via Launchpad·11:34 PM
Description
Data Sourced
via Debian·11:34 PM
DescriptionAffected Software
May 6, 2025
Data Sourced
via Ubuntu·04:18 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2020-10135?

CVE-2020-10135 is considered a high severity vulnerability that affects Bluetooth pairing.

2

How do I fix CVE-2020-10135?

To mitigate CVE-2020-10135, ensure your affected devices are updated to the latest software versions provided by the vendor.

3

What devices are affected by CVE-2020-10135?

CVE-2020-10135 affects various Apple products including iOS, macOS Mojave, High Sierra, Sierra, watchOS, and tvOS, as well as some Bluetooth Core implementations.

4

Can CVE-2020-10135 be exploited remotely?

Yes, CVE-2020-10135 can potentially allow an attacker to spoof a device and exploit the vulnerability within Bluetooth BR/EDR pairing.

5

Is CVE-2020-10135 related to Bluetooth version limitations?

CVE-2020-10135 affects Bluetooth Core specifications from version 1.0 through 5.2.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203