CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-24023 – kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses
https://notcve.org/view.php?id=CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. Los dispositivos Bluetooth BR/EDR con emparejamiento simple seguro y emparejamiento de conexiones seguras en las especificaciones principales de Bluetooth 4.2 a 5.4 permiten ciertos ataques de intermediario que fuerzan una longitud de clave corta y pueden llevar al descubrimiento de la clave de cifrado y a la inyección en vivo, también conocido como BLUFFS. A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live injection, aka BLUFFS. • https://dl.acm.org/doi/10.1145/3576915.3623066 https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability https://access.redhat.com/security/cve/CVE-2023-24023 https://bugzilla.redhat.com/show_bug.cgi?id=2254961 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24695
https://notcve.org/view.php?id=CVE-2022-24695
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device. • https://sp2023.ieee-security.org/program-papers.html https://www.bluetooth.com/specifications/specs/core-specification https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26109
https://notcve.org/view.php?id=CVE-2023-26109
All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. • https://security.snyk.io/vuln/SNYK-JS-NODEBLUETOOTHSERIALPORT-3311820 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26110
https://notcve.org/view.php?id=CVE-2023-26110
All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. • https://security.snyk.io/vuln/SNYK-JS-NODEBLUETOOTH-3311821 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25836
https://notcve.org/view.php?id=CVE-2022-25836
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion. El emparejamiento Bluetooth® de baja energía en la especificación principal de Bluetooth v4.0 a v5.3 puede permitir que un MITM no autenticado adquiera credenciales con dos dispositivos de emparejamiento a través de un acceso adyacente cuando el MITM negocia el emparejamiento con clave de acceso heredada con el iniciador de emparejamiento y el emparejamiento con clave de acceso de Secure Connections con el emparejamiento de respondedor y fuerza bruta la clave de acceso ingresada por el usuario en el iniciador. El atacante MITM puede usar el valor de clave de acceso identificado para completar la autenticación con el Respondedor a través de una confusión del método de emparejamiento de Bluetooth. • https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security • CWE-294: Authentication Bypass by Capture-replay •