CVEs-PoC/2020/CVE-2020-10135.md
2024-06-22 09:37:59 +00:00

### [CVE-2020-10135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10135)
![](https://img.shields.io/static/v1?label=Product&message=BR%2FEDR&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.2%3C%3D%205.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-757%20Selection%20of%20Less-Secure%20Algorithm%20During%20Negotiation%20('Algorithm%20Downgrade')&color=brighgreen)
### Description
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.
### POC
#### Reference
- http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html
- http://seclists.org/fulldisclosure/2020/Jun/5
#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AlexandrBing/broadcom-bt-firmware
- https://github.com/Charmve/BLE-Security-Attack-Defence
- https://github.com/Essen-Lin/Practice-of-the-Attack-and-Defense-of-Computers_Project2
- https://github.com/JeffroMF/awesome-bluetooth-security321
- https://github.com/WinMin/Protocol-Vul
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/engn33r/awesome-bluetooth-security
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/m4rm0k/CVE-2020-10135-BIAS
- https://github.com/marcinguy/CVE-2020-10135-BIAS
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/sgxgsx/BlueToolkit
- https://github.com/soosmile/POC
- https://github.com/winterheart/broadcom-bt-firmware