• State Verified Answer
  • Replies 3 replies
  • Subscribers 87 subscribers
  • Views 1510 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 258185
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

About the impact of the vulnerability "CVE-2020-10135"

takashina hiroki

SDK: 15.3.0
SoftDevice: S132
Device: EYSHJNZWZ (nRF52832)

The following vulnerability "CVE-2020-10135" has been reported by the Bluetooth SIG.
Will this device be affected by this vulnerability?

https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/reporting-security/
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10135

In addition, the Bluetooth SIG recommends the following measures.
"hosts support Secure Connections Only mode when this is possible"
This content is a recognition that indicates the content of the following tickets.
Is my perception correct?
Can this vulnerability be prevented by taking the following measures?
https://devzone.nordicsemi.com/f/nordic-q-a/14573/secure-connections-only-mode

Parents Reply
  • 0 in reply to Didrik Rokhaug

    The link you gave me has the following description.

    Note: The above email address is intended ONLY for the purposes of reporting product or service security vulnerabilities. 
It is not meant for technical support information on our products or services. 
All content other than that specific to security vulnerabilities in our products or services will be dropped. 
For technical and customer support inquiries, please visit our Developer Zone.

    It says "ONLY for the purposes of reporting product or service security vulnerabilities".
    Can I ask a question to "[email protected]" instead of a report?
    Is there any other place to ask questions?

Children
Related
Terms of service