Vulnerability Details : CVE-2020-0556
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2020-0556
Probability of exploitation activity in the next 30 days: 0.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 41 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-0556
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
5.8
|
MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:P |
6.5
|
6.4
|
[email protected] |
|
7.1
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
2.8
|
3.7
|
[email protected] |
References for CVE-2020-0556
-
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html
Mailing List;Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4647
Third Party Advisory
-
https://security.gentoo.org/glsa/202003-49
Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html
Mailing List;Third Party Advisory
-
https://usn.ubuntu.com/4311-1/
Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html
Mailing List;Third Party Advisory
-
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
Patch;Third Party Advisory
Products affected by CVE-2020-0556
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*