CVE-2018-10910
bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.
Un fallo en Bluez podría permitir al estado "Bluetooth Disponible" establecerse en "activo" cuando no hay ningún agente Bluetooth registrado con el sistema. Esto podría provocar el emparejamiento no autorizado de determinados dispositivos Bluetooth sin ningún tipo de autenticación. Las versiones de Bluez anteriores a la 5.51 son vulnerables.
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-09 CVE Reserved
- 2019-01-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (4)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/3856-1 | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2018-10910 | 2020-04-28 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1606203 | 2020-04-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Bluez Search vendor "Bluez" | Bluez Search vendor "Bluez" for product "Bluez" | < 5.51 Search vendor "Bluez" for product "Bluez" and version " < 5.51" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
|