JVN#67447798
Multiple SONY Wireless Headphones allow improper Bluetooth pairing
Overview
Multiple SONY Wireless Headphones allow improper Bluetooth pairing.
Products Affected
The following products with firmware versions prior to 4.5.2 are affected.
- WF-1000X
- WF-SP700N
- WH-1000XM2
- WH-1000XM3
- WH-CH700N
- WH-H900N
- WH-XB700
- WH-XB900N
- WI-1000X
- WI-C600N
- WI-SP600N
Description
Multiple SONY Wireless Headphones have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing(CWE-306).
Impact
When using the product, someone within the Bluetooth range may make the Bluetooth pairing and operate such as changing volume of the product.
Solution
Update the Firmware
Update the firmware to the latest version according to the information privided by the developer.
The developer provides the firmware version 4.5.2 to fix this vulnerability.
Vendor Status
| Vendor | Link |
| Sony | Support for Headphones | Sony USA |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Comment
The analysis assumes that an attacker within the Bluetooth range of the product connect (Bluetooth pairing) and control the product.
Credit
National Institute of Technology, Tokyo College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2020-5589 |
| JVN iPedia |
JVNDB-2020-000037 |
Update History
- 2020/06/23
- firmware version information and CWE added.