CVE-2021-1638
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Summary
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Windows 10 Version 20H2 | 10.0.0 < publication | affected |
| Microsoft | Windows Server version 20H2 | 10.0.0 < publication | affected |
| Microsoft | Windows 10 Version 1803 | 10.0.0 < publication | affected |
| Microsoft | Windows 10 Version 1809 | 10.0.0 < publication | affected |
| Microsoft | Windows Server 2019 | 10.0.0 < publication | affected |
| Microsoft | Windows Server 2019 (Server Core installation) | 10.0.0 < publication | affected |
| Microsoft | Windows 10 Version 1909 | 10.0.0 < publication | affected |
| Microsoft | Windows Server, version 1909 (Server Core installation) | 10.0.0 < publication | affected |
| Microsoft | Windows 10 Version 2004 | 10.0.0 < publication | affected |
| Microsoft | Windows Server version 2004 | 10.0.0 < publication | affected |
Weaknesses
- Security Feature Bypass
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.