Vulnerability Details : CVE-2020-10370
Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a "Spectra" attack.
Products affected by CVE-2020-10370
Please log in to view affected product information.
Exploit prediction scoring system (EPSS) score for CVE-2020-10370
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-10370
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.8
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-27 |
References for CVE-2020-10370
-
https://www.informatik.tu-darmstadt.de/fb20/aktuelles_fb20/fb20_neuigkeiten/neuigkeiten_fb20_details_203136.de.jsp
Spectra: Neue Sicherheitslücken bei drahtlosen Chips – Informatik – TU Darmstadt
-
https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo/jiska_classen/index.en.jsp
Secure Mobile Networking Lab – Secure Mobile Networking Lab
-
https://bugzilla.redhat.com/show_bug.cgi?id=2052676
2052676 – (CVE-2020-10370) CVE-2020-10370 Bluez: bluetooth firmware has Sweyntooth and Spectra issues
-
https://security-tracker.debian.org/tracker/CVE-2020-10370
CVE-2020-10370
-
https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a
Second Spectra fix for CYW43455 (CVE-2020-10370) · RPi-Distro/bluez-firmware@8445a53 · GitHub
Jump to