Details of VAR-202006-1506

ID

VAR-202006-1506

CVE

CVE-2020-5589

TITLE

Made by multiple Sony Bluetooth In headphones Bluetooth Pairing processing vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-000037

DESCRIPTION

SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer

Trust: 1.62

sources: NVD: CVE-2020-5589 // JVNDB: JVNDB-2020-000037

IOT TAXONOMY

category:

['wearable device']

sub_category:

headphone

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	sony	model:	wh-h900n	scope:	eq	version:	-	Trust: 1.0
vendor:	sony	model:	wh-xb700	scope:	eq	version:	-	Trust: 1.0
vendor:	sony	model:	wh-1000xm3	scope:	eq	version:	-	Trust: 1.0
vendor:	sony	model:	wf-1000x	scope:	eq	version:	-	Trust: 1.0
vendor:	sony	model:	wh-1000xm2	scope:	eq	version:	-	Trust: 1.0
vendor:	sony	model:	wf-sp700n	scope:	eq	version:	-	Trust: 1.0
vendor:	sony	model:	wh-ch700n	scope:	eq	version:	-	Trust: 1.0
vendor:	sony	model:	wh-xb900n	scope:	eq	version:	-	Trust: 1.0
vendor:	sony	model:	wi-sp600n	scope:	eq	version:	-	Trust: 1.0
vendor:	sony	model:	wi-c600n	scope:	eq	version:	-	Trust: 1.0
vendor:	sony	model:	wi-1000x	scope:	eq	version:	-	Trust: 1.0
vendor:	sony	model:	wf-1000x	scope:	-	version:	-	Trust: 0.8
vendor:	sony	model:	wf-sp700n	scope:	-	version:	-	Trust: 0.8
vendor:	sony	model:	wh-1000xm2	scope:	-	version:	-	Trust: 0.8
vendor:	sony	model:	wh-1000xm3	scope:	-	version:	-	Trust: 0.8
vendor:	sony	model:	wh-ch700n	scope:	-	version:	-	Trust: 0.8
vendor:	sony	model:	wh-h900n	scope:	-	version:	-	Trust: 0.8
vendor:	sony	model:	wh-xb700	scope:	-	version:	-	Trust: 0.8
vendor:	sony	model:	wh-xb900n	scope:	-	version:	-	Trust: 0.8
vendor:	sony	model:	wi-1000x	scope:	-	version:	-	Trust: 0.8
vendor:	sony	model:	wi-c600n	scope:	-	version:	-	Trust: 0.8
vendor:	sony	model:	wi-sp600n	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-000037 // NVD: CVE-2020-5589

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5589
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2020-000037
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202006-741
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-5589
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2020-000037
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-5589
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA:	JVNDB-2020-000037
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-000037 // CNNVD: CNNVD-202006-741 // NVD: CVE-2020-5589

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2020-000037 // NVD: CVE-2020-5589

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-741

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202006-741

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-000037

PATCH

title:

本体アップデート情報

url:

https://www.sony.jp/headphone/update/

Trust: 0.8

sources: JVNDB: JVNDB-2020-000037

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5589	Trust: 2.5
db:	JVN	id:	JVN67447798	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-000037	Trust: 1.4
db:	CNNVD	id:	CNNVD-202006-741	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-000037 // CNNVD: CNNVD-202006-741 // NVD: CVE-2020-5589

REFERENCES

url:	https://www.sony.com/electronics/support/audio-video-headphones	Trust: 1.6
url:	https://jvn.jp/en/jp/jvn67447798/	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5589	Trust: 0.8
url:	https://jvn.jp/jp/jvn67447798/index.html	Trust: 0.8
url:	https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000037.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5589	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-000037 // CNNVD: CNNVD-202006-741 // NVD: CVE-2020-5589

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2020-000037
db:	CNNVD	id:	CNNVD-202006-741
db:	NVD	id:	CVE-2020-5589

LAST UPDATE DATE

2025-01-30T22:36:04.122000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-000037	date:	2020-06-09T00:00:00
db:	CNNVD	id:	CNNVD-202006-741	date:	2020-06-30T00:00:00
db:	NVD	id:	CVE-2020-5589	date:	2024-11-21T05:34:19.373

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-000037	date:	2020-06-09T00:00:00
db:	CNNVD	id:	CNNVD-202006-741	date:	2020-06-09T00:00:00
db:	NVD	id:	CVE-2020-5589	date:	2020-06-09T08:15:11.233