6.3

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version4.2.2
   BluproductsDash Version3.5
GoogleAndroid Version6.0.1
   GoogleNexus 5 Version-
GoogleAndroid Version10.0
   GooglePixel 2 Version-
GoogleAndroid Version11.0
   GooglePixel 2 Version-
GoogleAndroid Version13.0
   GooglePixel 4a Version-
   GooglePixel 6 Version-
GoogleAndroid Version14.0
   GooglePixel 7 Version-
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version20.04 SwEdition-
CanonicalUbuntu Linux Version22.04 SwEditionlts
CanonicalUbuntu Linux Version23.10
AppleiPhone OS Version16.6
   AppleIphone Se Version-
ApplemacOS Version12.6.7
   AppleMacbook Air Version2017
ApplemacOS Version13.3.3
   AppleMacbook Pro Versionm2
FedoraprojectFedora Version38
FedoraprojectFedora Version39
AppleiPadOS Version < 17.2
AppleiPhone OS Version < 17.2
ApplemacOS Version >= 14.0 < 14.2
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.88% 0.94
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.3 2.8 3.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://bluetooth.com
Not Applicable
https://support.apple.com/kb/HT214036
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Dec/9
Third Party Advisory
Mailing List
http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog
Release Notes
http://seclists.org/fulldisclosure/2023/Dec/7
Third Party Advisory
Mailing List
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
Patch
Mailing List
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/
Mailing List
https://security.gentoo.org/glsa/202401-03
https://support.apple.com/kb/HT214035
Third Party Advisory
https://www.debian.org/security/2023/dsa-5584
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/