CVE-2020-9770
Published: 1 April 2020
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.
Notes
| Author | Note |
|---|---|
| alexmurray | For Ubuntu this only appears to affect gatttool from bluez. Marking this as low priority since this tool is not running or enabled by default (and is deprecated in favour of bluetoothctl). |
| mdeslaur | no upstream fix as of 2021-05-26 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
bluez Launchpad, Ubuntu, Debian |
bionic |
Deferred
|
| focal |
Deferred
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Deferred
|
|
| kinetic |
Ignored
(end of life, was deferred)
|
|
| lunar |
Ignored
(end of life, was deferred)
|
|
| mantic |
Deferred
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Deferred
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |