Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-12270

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Apr, 2020 | 03:26
Updated At-04 Aug, 2024 | 11:48
Rejected At-
Credits

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it was a false alert if contact-history comparison fails (i.e., an F0 is not actually part of the contact history obtained from the device of this recipient, or this recipient is not actually part of the contact history obtained from the device of an F0)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Apr, 2020 | 03:26
Updated At:04 Aug, 2024 | 11:48
Rejected At:
▼CVE Numbering Authority (CNA)

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it was a false alert if contact-history comparison fails (i.e., an F0 is not actually part of the contact history obtained from the device of this recipient, or this recipient is not actually part of the contact history obtained from the device of an F0)

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/CHANGELOG.md
x_refsource_MISC
https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/package.json#L27
x_refsource_MISC
https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/TraceCovidModule.java#L98
x_refsource_MISC
https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/AndroidManifest.xml#L11-L12
x_refsource_MISC
https://vnhacker.blogspot.com/2020/04/vietnams-contact-tracing-app_26.html
x_refsource_MISC
https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/BluezonerIdGenerator.java#L18-L28
x_refsource_MISC
https://bluezone.ai/CVE
x_refsource_MISC
Hyperlink: https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/CHANGELOG.md
Resource:
x_refsource_MISC
Hyperlink: https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/package.json#L27
Resource:
x_refsource_MISC
Hyperlink: https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/TraceCovidModule.java#L98
Resource:
x_refsource_MISC
Hyperlink: https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/AndroidManifest.xml#L11-L12
Resource:
x_refsource_MISC
Hyperlink: https://vnhacker.blogspot.com/2020/04/vietnams-contact-tracing-app_26.html
Resource:
x_refsource_MISC
Hyperlink: https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/BluezonerIdGenerator.java#L18-L28
Resource:
x_refsource_MISC
Hyperlink: https://bluezone.ai/CVE
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/CHANGELOG.md
x_refsource_MISC
x_transferred
https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/package.json#L27
x_refsource_MISC
x_transferred
https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/TraceCovidModule.java#L98
x_refsource_MISC
x_transferred
https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/AndroidManifest.xml#L11-L12
x_refsource_MISC
x_transferred
https://vnhacker.blogspot.com/2020/04/vietnams-contact-tracing-app_26.html
x_refsource_MISC
x_transferred
https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/BluezonerIdGenerator.java#L18-L28
x_refsource_MISC
x_transferred
https://bluezone.ai/CVE
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/CHANGELOG.md
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/package.json#L27
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/TraceCovidModule.java#L98
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/AndroidManifest.xml#L11-L12
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://vnhacker.blogspot.com/2020/04/vietnams-contact-tracing-app_26.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/BluezonerIdGenerator.java#L18-L28
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://bluezone.ai/CVE
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Apr, 2020 | 04:15
Updated At:17 May, 2024 | 01:41

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it was a false alert if contact-history comparison fails (i.e., an F0 is not actually part of the contact history obtained from the device of this recipient, or this recipient is not actually part of the contact history obtained from the device of an F0)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.03.3LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:A/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
bluezone
bluezone
>>bluezone>>1.0.0
cpe:2.3:a:bluezone:bluezone:1.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-330Primarynvd@nist.gov
CWE ID: CWE-330
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bluezone.ai/CVEcve@mitre.org
N/A
https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/CHANGELOG.mdcve@mitre.org
Release Notes
Third Party Advisory
https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/package.json#L27cve@mitre.org
Third Party Advisory
https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/AndroidManifest.xml#L11-L12cve@mitre.org
Third Party Advisory
https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/BluezonerIdGenerator.java#L18-L28cve@mitre.org
Third Party Advisory
https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/TraceCovidModule.java#L98cve@mitre.org
Third Party Advisory
https://vnhacker.blogspot.com/2020/04/vietnams-contact-tracing-app_26.htmlcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://bluezone.ai/CVE
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/CHANGELOG.md
Source: cve@mitre.org
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://github.com/BluezoneGlobal/bluezone-app/blob/afa15fcec391f0edc51d0486a4ca84dd2520bbb3/package.json#L27
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/AndroidManifest.xml#L11-L12
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/BluezonerIdGenerator.java#L18-L28
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/BluezoneGlobal/react-native-bluetooth-scan/blob/d9ee70fd594093a30e50b6e62a7593a8397c2dab/lib/android/src/main/java/com/scan/TraceCovidModule.java#L98
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://vnhacker.blogspot.com/2020/04/vietnams-contact-tracing-app_26.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2020-27264
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.78%
||
7 Day CHG~0.00%
Published-19 Jan, 2021 | 20:46
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.

Action-Not Available
Vendor-sooiln/a
Product-anydana-i_firmwareanydana-ianydana-adiabecare_rsanydana-a_firmwarediabecare_rs_firmwareSOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2018-1279
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.5||HIGH
EPSS-0.32% / 54.80%
||
7 Day CHG~0.00%
Published-10 Dec, 2018 | 19:00
Updated-17 Sep, 2024 | 00:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RabbitMQ cluster compromise due to deterministically generated cookie

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-rabbitmqRabbitMq for PCF
CWE ID-CWE-330
Use of Insufficiently Random Values
Details not found