PT-2018-10177 · Bluez+4 · Bluez+4

Chris Marchesi

Publicado

2018-07-20

Atualizado

2023-02-13

CVE-2018-10910

CVSS v3.1

4.5

Média

Vetor

AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Bluez versions prior to 5.51

Description A bug in the system may allow the Bluetooth Discoverable state to be set to on when no Bluetooth agent is registered, potentially leading to unauthorized pairing of certain Bluetooth devices without authentication.

Recommendations For versions prior to 5.51, update to version 5.51 or later to resolve the issue. As a temporary workaround, consider disabling the Bluetooth Discoverable state when no Bluetooth agent is registered with the system. Restrict access to Bluetooth pairing to minimize the risk of exploitation.

Exploit

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

ALT-PU-2020-1487

ALT-PU-2020-1523

CESA-2020_1101

CESA-2020_1912

CVE-2018-10910

ELSA-2020-1101

ELSA-2020-1912

MGASA-2020-0152

RHSA-2020:1101

RHSA-2020:1912

RHSA-2020_1101

RHSA-2020_1912

USN-3856-1

Produtos afetados

Alt Linux

Bluez

Centos

Red Hat

Ubuntu

PT-2018-10177 · Bluez+4 · Bluez+4

CVE-2018-10910

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33