CVE-2023-2002

Exploit

EPSS 0.46%
Published 26.05.2023 17:15:14
Last modified 21.11.2024 07:57:44
Source secalert@redhat.com
Teams watchlist Login
Open Login

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.

Affected products Warnungen 0 Metrics 2 CWE 2 References 8

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.4

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.46%	0.632

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	2.1	4.7	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2023/dsa-5480

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20240202-0004/

https://www.openwall.com/lists/oss-security/2023/04/16/3

Third Party Advisory

Exploit

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-2002

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2002

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2002

EUVD