CVE-2021-1684 MEDIUM

CVE-2021-1684: Windows Bluetooth Security Feature Bypass Vulnerability

Vendor: Microsoft
Product: Windows 10 Version 20H2
Published: January 12, 2021
Last update: October 8, 2024

CVSS base score

5.0/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

What the vulnerability does

01 Description

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key.

Key dates

02 Disclosure timeline

January 12, 2021 CVE published
October 8, 2024 Record updated