Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2020-15509 | First vendor Publication | 2020-07-07 |
Vendor | Cve | Last vendor Modification | 2021-07-21 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | |||
---|---|---|---|
Overall CVSS Score | 6.5 | ||
Base Score | 6.5 | Environmental Score | 6.5 |
impact SubScore | 3.6 | Temporal Score | 6.5 |
Exploitabality Sub Score | 2.8 | ||
Attack Vector | Adjacent | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | None | Availability Impact | None |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 3.3 | Attack Range | Adjacent network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 6.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15509 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-319 | Cleartext Transmission of Sensitive Information |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-08-05 01:37:22 |
|
2021-07-21 17:23:39 |
|
2020-07-15 21:23:08 |
|
2020-07-07 21:23:06 |
|