Wind River Support Network

Meet the Support Network

Home CVE Database CVE-2020-26558

CVE-2020-26558

Description

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

Priority: MEDIUM
CVSS v3: 4.2
Component: linux
Publish Date: May 24, 2021
Related ID: --
CVSS v2: MEDIUM
Modified Date: May 28, 2021

Find out more about CVE-2020-26558 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Fixed LIN10-8719
10.17.41.24 --
Wind River Linux 8 Requires LTSS -- -- --
Wind River Linux 9 Requires LTSS -- -- --
Wind River Linux 7 Requires LTSS -- -- --
Wind River Linux LTS 21 Fixed LIN1021-427
10.21.20.2 --
Wind River Linux LTS 22 Not Vulnerable -- -- --
Wind River Linux LTS 18 Fixed LIN1018-7763
10.18.44.23 --
Wind River Linux LTS 19 Fixed LIN1019-6645
10.19.45.18 --
Wind River Linux CD release Fixed LINCD-5626
10.21.33.0 --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads

Notes
Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online