Published:2020/06/09  Last Updated:2020/06/23

JVN#67447798
Multiple SONY Wireless Headphones allow improper Bluetooth pairing

Overview

Multiple SONY Wireless Headphones allow improper Bluetooth pairing.

Products Affected

The following products with firmware versions prior to 4.5.2 are affected.​

  • WF-1000X
  • WF-SP700N
  • WH-1000XM2
  • WH-1000XM3
  • WH-CH700N
  • WH-H900N
  • WH-XB700
  • WH-XB900N
  • WI-1000X
  • WI-C600N
  • WI-SP600N

Description

Multiple SONY Wireless Headphones have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing(CWE-306).

Impact

When using the product, someone within the Bluetooth range may make the Bluetooth pairing and operate such as changing volume of the product.

Solution

Update the Firmware
Update the firmware to the latest version according to the information privided by the developer.

The developer provides the firmware version 4.5.2 to fix this vulnerability.

Vendor Status

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Base Score: 5.4
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:A/AC:L/Au:N/C:N/I:P/A:P
Base Score: 4.8
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Comment

The analysis assumes that an attacker within the Bluetooth range of the product connect (Bluetooth pairing) and control the product.

Credit

National Institute of Technology, Tokyo College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2020-5589
JVN iPedia JVNDB-2020-000037

Update History

2020/06/23
firmware version information and CWE added.