CVE-2020-26555

Advisory lineage Upstream: 0 Downstream: 20

Downstream

MGASA-2023-0328 MGASA-2023-0331 RHSA-2024:2394 RHSA-2024:4211 RHSA-2024:4352 SUSE-SU-2024:0110-1

Modified

Published: 24 May 2021, 17:41

Last modified:04 Nov 2025, 19:12

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.4 MEDIUM

v3.1 (nvd)

EPSS Score

0.12% LOW

0% probability -0.07%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

24 May 2021, 17:41

Published

Vulnerability first disclosed

04 Nov 2025, 19:12

Last Modified

Vulnerability information updated

Description

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

CVSS Metrics

v3.1•MEDIUM•Score: 5.4CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
v2.0•MEDIUM•Score: 4.8AV:A/AC:L/Au:N/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 0.12%• Percentile: 31%

Techniques & Countermeasures

CWE-863•Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Affected Systems

bluetooth•bluetooth_core_specification
≥ 1.1b, ≤ 5.2
fedoraproject•fedora
34
intel•ac_3165_firmware
na
intel•ac_3168_firmware
na
intel•ac_7265_firmware
na
intel•ac_8260_firmware
na
intel•ac_8265_firmware
na
intel•ac_9260_firmware
na
intel•ac_9461_firmware
na
intel•ac_9462_firmware
na
intel•ac_9560_firmware
na
intel•ax200_firmware
na
intel•ax201_firmware
na
intel•ax210_firmware
na
intel•killer_ac_1550_firmware
na
intel•killer_wi-fi_6_ax1650_firmware
na
intel•killer_wi-fi_6e_ax1675_firmware
na