CVE-2023-2002

Exploit

EPSS 0.6%
Veröffentlicht 26.05.2023 17:15:14
Zuletzt bearbeitet 21.11.2024 07:57:44
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 8

NVD 3 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.4

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.692

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	2.1	4.7	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2023/dsa-5480

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20240202-0004/

https://www.openwall.com/lists/oss-security/2023/04/16/3

Third Party Advisory

Exploit