How severe is CVE-2020-26558?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2020-26558?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2020-26558 - MEDIUM Severity | CVSS 4.2

Vulnerability Description

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

Related Vulnerabilities

CVE-2018-11770

MEDIUM

CVSS:4.2(Medium)

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spa...

CWE-2872018

CVE-2020-26834

MEDIUM

CVSS:4.2(Medium)

SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token ...

CWE-2872020

CVE-2016-10835

MEDIUM

CVSS:4.3(Medium)

cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).

CWE-2872016

CVE-2016-4863

MEDIUM

CVSS:4.3(Medium)

The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series ...

CWE-2872016

CVE-2017-1000110

MEDIUM

CVSS:4.3(Medium)

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines i...

CWE-2872017

CVE-2017-1002024

MEDIUM

CVSS:4.3(Medium)

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.

CWE-2872017