About the impact of the vulnerability "CVE-2020-10135"

Question

SDK: 15.3.0 SoftDevice: S132 Device: EYSHJNZWZ (nRF52832) 
 The following vulnerability "CVE-2020-10135" has been reported by the Bluetooth SIG. Will this device be affected by this vulnerability? 
 https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/reporting-security/ https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10135 
 
 In addition, the Bluetooth SIG recommends the following measures. "hosts support Secure Connections Only mode when this is possible" This content is a recognition that indicates the content of the following tickets. Is my perception correct? Can this vulnerability be prevented by taking the following measures? https://devzone.nordicsemi.com/f/nordic-q-a/14573/secure-connections-only-mode

Didrik Rokhaug · Accepted Answer

Hi, 
 Questions related to security vulnerabilities should be directed to our Product Security Incident Response Team: https://www.nordicsemi.com/About-us/PSIRT 
 Best regards, 
 Didrik

Didrik Rokhaug · Answer

I took a look at the report, and the BIAS vulnerability does not apply to any Nordic products, since it only applies to BR/EDR devices..

About the impact of the vulnerability "CVE-2020-10135"

Top Replies