CVE-2020-15509
- Source
- https://cve.org/CVERecord?id=CVE-2020-15509
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15509.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-15509
- Published
- 2020-07-07T14:15:11.380Z
- Modified
- 2025-12-06T14:01:33.713516Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler).
- References
Affected packages
Git
github.com/nordicsemiconductor/android-ble-library
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nordicsemiconductor/android-ble-library
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
v1.*
v1.0.0
v1.1.0
v1.2.0
v2.*
v2.0-alpha1
v2.0-alpha2
v2.0-alpha3
v2.0-alpha4
v2.0-alpha5
v2.0-alpha6
v2.0-beta10
v2.0-beta2
v2.0-beta3
v2.0-beta5
v2.0-beta6
v2.0-beta7
v2.0-beta8
v2.0-beta9
v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.1.0
v2.1.1
v2.2.0
v2.2.0-alpha02
v2.2.0-alpha04
v2.2.0-alpha05
v2.2.0-alpha06
v2.2.0-alpha07
v2.2.0-alpha08
v2.2.0-alpha09
v2.2.0-alpha10
v2.2.0-alpha13
v2.2.0-beta01
v2.2.0-beta02
v2.2.0-beta03
v2.2.1
github.com/nordicsemiconductor/android-dfu-library
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nordicsemiconductor/android-dfu-library
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected