CVE-2020-9770
Published: 1 April 2020
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.
Notes
Author | Note |
---|---|
alexmurray | For Ubuntu this only appears to affect gatttool from bluez. Marking this as low priority since this tool is not running or enabled by default (and is deprecated in favour of bluetoothctl). |
mdeslaur | no upstream fix as of 2021-05-26 |
Priority
Status
Package | Release | Status |
---|---|---|
bluez Launchpad, Ubuntu, Debian |
bionic |
Deferred
|
focal |
Deferred
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Deferred
|
|
kinetic |
Ignored
(end of life, was deferred)
|
|
lunar |
Ignored
(end of life, was deferred)
|
|
mantic |
Deferred
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Deferred
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |