Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-35473

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.

Published

2022-11-08T06:15:09.403

Last Modified

2025-05-01T18:15:46.260

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-203
CWE-294
Type: Secondary
CWE-294

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bluetooth	bluetooth_core_specification	≤ 5.2	Yes

References

https://dl.acm.org/doi/10.1145/3548606.3559372 Technical Description, Third Party Advisory ([email protected])
https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html Technical Description, Third Party Advisory ([email protected])
https://dl.acm.org/doi/10.1145/3548606.3559372 Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)