[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252588

 
 

909

 
 

196930

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2020-13702Date: (C)2020-06-15   (M)2023-12-22


The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 10.0CVSS Score : 6.4
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.8Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: CHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
https://blog.google/documents/70/Exposure_Notification_-_Bluetooth_Specification_v1.2.2.pdf
https://github.com/google/exposure-notifications-internals/commit/8f751a666697
https://github.com/google/exposure-notifications-internals/commit/8f751a666697c3cae0a56ae3464c2c6cbe31b69e
https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200611.pdf
https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616-2.pdf
https://github.com/normanluhrmann/infosec/raw/master/exposure-notification-vulnerability-20200616.pdf

CWE    1
CWE-200

© SecPod Technologies