CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52160 – wpa_supplicant: potential authorization bypass
https://notcve.org/view.php?id=CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. La implementación de PEAP en wpa_supplicant hasta la versión 2.10 permite omitir la autenticación. • https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c https://www.top10vpn.com/research/wifi-vulnerabilities https://access.redhat.com/security/cve/CVE-2023-52160 https://bugzilla.redhat.com/ • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 6.3EPSS: 0%CPEs: 28EXPL: 0CVE-2023-45866
https://notcve.org/view.php?id=CVE-2023-45866
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. Bluetooth HID Hosts in BlueZ pueden permitir que un dispositivo HID con función periférica no autenticada inicie y establezca una conexión cifrada y acepte informes de teclado HID, lo que potencialmente permite la inyección de mensajes HID cuando no se ha producido ninguna interacción del usuario en la función central para autorizar dicho acceso. Un ejemplo de paquete afectado es bluez 5.64-0ubuntu1 en Ubuntu 22.04LTS. • http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog http://seclists.org/fulldisclosure/2023/Dec/7 http://seclists.org/fulldisclosure/2023/Dec/9 https://bluetooth.com https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 https://github.com/skysafe/reblog/tree/main/cve-2023-45866 https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html https://lists.fedoraproject.org/archives/list/package • CWE-287: Improper Authentication •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45780
https://notcve.org/view.php?id=CVE-2023-45780
In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. En Print Service, existe un posible inicio de actividad en segundo plano debido a un error lógico en el código. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/docs/security/bulletin/android-14 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40101
https://notcve.org/view.php?id=CVE-2023-40101
In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En collapse de canonicalize_md.c, hay una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto podría dar lugar a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://source.android.com/docs/security/bulletin/android-14 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21398
https://notcve.org/view.php?id=CVE-2023-21398
In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En sdksandbox, existe un posible ataque de superposición estilo strandhogg debido a un error lógico en el código. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/docs/security/bulletin/android-14 •