CVE-2020-35473
CVE-2020-35473 is a medium-severity vulnerability in Bluetooth Bluetooth Core Specification with a CVSS 3.x base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-203.
Key facts
- Severity: Medium (CVSS 3.x base score 4.3)
- EPSS exploit prediction: 0% (26th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-203
- Affected product: Bluetooth Bluetooth Core Specification
- Published:
- Last modified:
Description
An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.
Frequently asked questions
- What is CVE-2020-35473?
- An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.
- How severe is CVE-2020-35473?
- CVE-2020-35473 has a CVSS 3.x base score of 4.3, rated medium severity. It is exploitable over an adjacent network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2020-35473 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (26th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2020-35473?
- CVE-2020-35473 affects Bluetooth Bluetooth Core Specification. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2020-35473?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2020-35473 published?
- CVE-2020-35473 was published on 2022-11-08 and last updated on 2026-06-17.
References
- https://dl.acm.org/doi/10.1145/3548606.3559372
- https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html
Affected products (1)
- cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*
More vulnerabilities in Bluetooth Bluetooth Core Specification
- CVE-2022-25837 — High (CVSS 7.5): Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire…
- CVE-2022-25836 — High (CVSS 7.5): Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to…
- CVE-2020-26556 — High (CVSS 7.5): Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful…
- CVE-2023-24023 — Medium (CVSS 6.8): Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2…
- CVE-2020-15802 — Medium (CVSS 5.9): Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key…
- CVE-2020-26555 — Medium (CVSS 5.4): Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated…
All CVEs affecting Bluetooth Bluetooth Core Specification →
Other CWE-203 (Observable Discrepancy) vulnerabilities
- CVE-2019-25337 — Critical (CVSS 9.8): OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by…
- CVE-2026-23519 — Critical (CVSS 9.8): RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in…
- CVE-2025-27667 — Critical (CVSS 9.8): Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative…
- CVE-2024-25714 — Critical (CVSS 9.8): In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel…
- CVE-2024-25191 — Critical (CVSS 9.8): php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass…
- CVE-2024-25190 — Critical (CVSS 9.8): l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass…
Browse all CWE-203 (Observable Discrepancy) vulnerabilities →