Guest

Preview Tool

Cisco Bug: CSCvu16167 - Evaluation of bigeasy-video for Method Confusion Pairing Vulnerability for LE and BR/EDR Implementer

Last Modified

Jun 16, 2020

Products (1)

  • Cisco IP Phone 8800 Series

Known Affected Releases

12.8(1)

Description (partial)

CISCO HIGHLY CONFIDENTIAL - CONTROLLED ACCESS

This issue is under review by the Cisco Product Security Incident Response
team (PSIRT).

The defect describes a product security vulnerability.  Its contents must
be protected from unauthorized disclosure, both internal and external to
Cisco. Do not forward this information to mailing lists or newsgroups.

Documentation writers: it is prohibited to publish this Release-note
Enclosure (RNE) until the content has been approved by PSIRT.  PSIRT may
publish a Security Advisory regarding this defect, and the current text of
this RNE will be replaced with appropriate information.  In the event that
a Security Advisory is not published, PSIRT will replace this text with an
appropriate explanation.

More information on PSIRT is available at http//psirt.cisco.com/.
Cisco's public policy on security vulnerability handling can be reviewed at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
For further information, send a message to psirt@cisco.com.

Symptom:
This product includes a version of  Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) or Bluetooth Low Energy (LE) protocol stack  that is affected by the vulnerability named  Method Confusion Pairing and identified by the following Common Vulnerability and Exposures (CVE) ID:

CVE-2020-10134

This bug was opened to address the potential impact on this product.

Conditions:
Device with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.