HOMEVULNERABILITIESCVE-2020-10135
MEDIUM

CVE-2020-10135

CWE-757Published: May 19, 2020· Updated: Jun 17, 2026

5.4
CVSS v3.1

Official Description

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.

NVD Source

Technical Analysis

CVE-2020-10135 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorAdjacent
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityLow
IntegrityLow
AvailabilityNone
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Vendors & Products

bluetooth1 product(s)
bluetooth core
openSUSE1 product(s)
leap
Source: NVD CPE · 2 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (14)

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.htmlBroken Link · Mailing List · Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.htmlBroken Link · Mailing List · Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jun/5Exploit · Mailing List · Third Party Advisory
https://kb.cert.org/vuls/id/647177/Third Party Advisory · US Government Resource
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.htmlBroken Link · Mailing List · Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.htmlBroken Link · Mailing List · Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jun/5Exploit · Mailing List · Third Party Advisory
https://kb.cert.org/vuls/id/647177/Third Party Advisory · US Government Resource

Quick Facts

CVE IDCVE-2020-10135
CVSS Score5.4 / 10
SeverityMEDIUM
WeaknessCWE-757
CISA KEVNo
Affected2 vendor(s)
PublishedMay 19, 2020

Related CVEs (CWE-757)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2020-10135 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.