PT-2018-10177 · Bluez+4

Chris Marchesi · Published 2018-07-20 · Updated 2023-02-13 · CVE-2018-10910

CVSS v3.1: 4.5 Medium

Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Bluez versions prior to 5.51

Description: A bug in the system may allow the Bluetooth Discoverable state to be set to on when no Bluetooth agent is registered, potentially leading to unauthorized pairing of certain Bluetooth devices without authentication.

Recommendations: For versions prior to 5.51, update to version 5.51 or later to resolve the issue. As a temporary workaround, consider disabling the Bluetooth Discoverable state when no Bluetooth agent is registered with the system. Restrict access to Bluetooth pairing to minimize the risk of exploitation.

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1487
ALT-PU-2020-1523
CESA-2020_1101
CESA-2020_1912
CVE-2018-10910
ELSA-2020-1101
ELSA-2020-1912
MGASA-2020-0152
RHSA-2020:1101
RHSA-2020:1912
RHSA-2020_1101
RHSA-2020_1912
USN-3856-1

Affected Products

Alt Linux
Bluez
Centos
Red Hat
Ubuntu