How severe is CVE-2020-15802?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2020-15802?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2020-15802 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.

Related Vulnerabilities

CVE-2013-3096

MEDIUM

CVSS:5.9(Medium)

D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability.

CWE-2872013

CVE-2013-5123

MEDIUM

CVSS:5.9(Medium)

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

CWE-2872013

CVE-2014-10067

MEDIUM

CVSS:5.9(Medium)

paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacke...

CWE-2872014

CVE-2016-2124

MEDIUM

CVSS:5.9(Medium)

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

CWE-2872016

CVE-2017-12196

MEDIUM

CVSS:5.9(Medium)

undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header match...

CWE-2872017

CVE-2017-14117

MEDIUM

CVSS:5.9(Medium)

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remo...

CWE-2872017