CVE-2020-26558

4.2 MEDIUM
Published: May 24, 2021 Modified: November 04, 2025
View on NVD

Description

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://kb.cert.org/vuls/id/799380
Source: cve@mitre.org
Third Party Advisory US Government Resource
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Source: cve@mitre.org
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Source: cve@mitre.org
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html
Source: cve@mitre.org
Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/
Source: cve@mitre.org
https://security.gentoo.org/glsa/202209-16
Source: cve@mitre.org
Third Party Advisory
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Source: cve@mitre.org
Vendor Advisory
https://www.debian.org/security/2021/dsa-4951
Source: cve@mitre.org
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
Source: cve@mitre.org
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html
Source: cve@mitre.org
Third Party Advisory
https://kb.cert.org/vuls/id/799380
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory US Government Resource
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/
Source: af854a3a-2127-422b-91ae-364da2661108
https://security.gentoo.org/glsa/202209-16
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.debian.org/security/2021/dsa-4951
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.kb.cert.org/vuls/id/799380
Source: af854a3a-2127-422b-91ae-364da2661108

21 reference(s) from NVD

Quick Stats

CVSS v3 Score
4.2 / 10.0
EPSS (Exploit Probability)
0.0%
5th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-287

Affected Vendors

bluetooth debian intel linux fedoraproject

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3