CVE-2023-45866
bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution
Severity Score
6.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Bluetooth HID Hosts in BlueZ pueden permitir que un dispositivo HID con función periférica no autenticada inicie y establezca una conexión cifrada y acepte informes de teclado HID, lo que potencialmente permite la inyección de mensajes HID cuando no se ha producido ninguna interacción del usuario en la función central para autorizar dicho acceso. Un ejemplo de paquete afectado es bluez 5.64-0ubuntu1 en Ubuntu 22.04LTS. NOTA: en algunos casos, una mitigación CVE-2020-0556 ya habría solucionado este problema de hosts HID Bluetooth.
A flaw was found in the HID Profile in BlueZ that opens doors for unauthorized connections, especially by devices like keyboards, to inject keystrokes without user confirmation. BlueZ lacks proper restrictions on non-bonded devices, creating a risk for attackers that are physically close to inject keystrokes and execute arbitrary commands when the device is in a discoverable state.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-14 CVE Reserved
- 2023-12-07 CVE Published
- 2024-01-16 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-285: Improper Authorization
- CWE-287: Improper Authentication
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog | Release Notes |
|
| http://seclists.org/fulldisclosure/2023/Dec/7 | Mailing List |
|
| http://seclists.org/fulldisclosure/2023/Dec/9 | Mailing List |
|
| https://bluetooth.com | Not Applicable | |
| https://github.com/skysafe/reblog/tree/main/cve-2023-45866 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html | Mailing List |
|
| https://support.apple.com/kb/HT214035 | Third Party Advisory |
|
| https://support.apple.com/kb/HT214036 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 | 2024-01-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 4.2.2 Search vendor "Google" for product "Android" and version "4.2.2" | - |
Affected
| in | Bluproducts Search vendor "Bluproducts" | Dash Search vendor "Bluproducts" for product "Dash" | 3.5 Search vendor "Bluproducts" for product "Dash" and version "3.5" | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 6.0.1 Search vendor "Google" for product "Android" and version "6.0.1" | - |
Affected
| in | Google Search vendor "Google" | Nexus 5 Search vendor "Google" for product "Nexus 5" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 10.0 Search vendor "Google" for product "Android" and version "10.0" | - |
Affected
| in | Google Search vendor "Google" | Pixel 2 Search vendor "Google" for product "Pixel 2" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 11.0 Search vendor "Google" for product "Android" and version "11.0" | - |
Affected
| in | Google Search vendor "Google" | Pixel 2 Search vendor "Google" for product "Pixel 2" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 13.0 Search vendor "Google" for product "Android" and version "13.0" | - |
Affected
| in | Google Search vendor "Google" | Pixel 4a Search vendor "Google" for product "Pixel 4a" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 13.0 Search vendor "Google" for product "Android" and version "13.0" | - |
Affected
| in | Google Search vendor "Google" | Pixel 6 Search vendor "Google" for product "Pixel 6" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 14.0 Search vendor "Google" for product "Android" and version "14.0" | - |
Affected
| in | Google Search vendor "Google" | Pixel 7 Search vendor "Google" for product "Pixel 7" | - | - |
Safe
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 16.6 Search vendor "Apple" for product "Iphone Os" and version "16.6" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Se Search vendor "Apple" for product "Iphone Se" | - | - |
Safe
|
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | 12.6.7 Search vendor "Apple" for product "Macos" and version "12.6.7" | - |
Affected
| in | Apple Search vendor "Apple" | Macbook Air Search vendor "Apple" for product "Macbook Air" | 2017 Search vendor "Apple" for product "Macbook Air" and version "2017" | - |
Safe
|
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | 13.3.3 Search vendor "Apple" for product "Macos" and version "13.3.3" | - |
Affected
| in | Apple Search vendor "Apple" | Macbook Pro Search vendor "Apple" for product "Macbook Pro" | m2 Search vendor "Apple" for product "Macbook Pro" and version "m2" | - |
Safe
|
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 23.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "23.10" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 39 Search vendor "Fedoraproject" for product "Fedora" and version "39" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Ipad Os Search vendor "Apple" for product "Ipad Os" | < 17.2 Search vendor "Apple" for product "Ipad Os" and version " < 17.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 17.2 Search vendor "Apple" for product "Iphone Os" and version " < 17.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | >= 14.0 < 14.2 Search vendor "Apple" for product "Macos" and version " >= 14.0 < 14.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||