CVE-2020-10369
MEDIUM EPSS 29.2%
Published Nov 10, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Nov 10, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Attack Vector Adjacent
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability Low
Threat Intelligence
EPSS Exploit Probability
29.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-203
References 4
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2052676
- github.com https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a
- informatik.tu-darmstadt.de https://www.informatik.tu-darmstadt.de/fb20/aktuelles_fb20/fb20_neuigkeiten/neuigkeiten_fb20_details_203136.de.jsp
- informatik.tu-darmstadt.de https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo/jiska_classen/index.en.jsp
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.