CVE-2021-1638

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified)

Description: The issue is related to an impersonation vulnerability in the Passkey Entry Protocol of the Bluetooth service in Windows operating systems. This vulnerability is associated with authentication errors and can allow an attacker to elevate their privileges and gain unauthorized access to protected information.

Recommendations: To address the vulnerability, apply the software update released by Microsoft, which will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key. As a temporary workaround, consider restricting access to the Bluetooth service to minimize the risk of exploitation. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but applying the mentioned software update should resolve the issue.