Bluetooth Firmware Update Vulnerability
CVE-2020-10370

8.8HIGH

Key Information:

Vendor: Cypress Semiconductor Corporation
Vendor: CVE Published:; 11 November 2024

🔔 Create Cypress Semiconductor Corporation Vulnerability Alert

What is CVE-2020-10370?

Certain wireless combo chips produced by Cypress and Broadcom, such as the CYW43455, can experience a Bluetooth outage when specific Bluetooth firmware updates are absent. This vulnerability can be exploited through a method called the 'Spectra' attack, leading to potential service disruptions. Users and organizations relying on these chipsets should ensure their systems are equipped with the latest firmware to mitigate risks associated with this vulnerability.

References

https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo...

https://github.com/RPi-Distro/bluez-firmware/commit/8445a...

https://security-tracker.debian.org/tracker/CVE-2020-10370

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 11, 2024

JSON