PT-2024-13385 · Nordic Semiconductor · Nrf Sniffer For Bluetooth Le
Chapoly1305
·
Published
2024-05-13
·
Updated
2024-08-20
·
CVE-2023-46870
CVSS v3.1
7.3
High
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nordic Semiconductor nRF Sniffer for Bluetooth LE versions 3.0.0 through 4.1.1
Description
The issue is related to incorrect file permissions set for certain scripts in the Nordic Semiconductor nRF Sniffer for Bluetooth LE. This allows attackers to execute code via modified bash and python scripts, specifically targeting
extcap/nrf sniffer ble.py, extcap/nrf sniffer ble.sh, and extcap/SnifferAPI/*.py.Recommendations
For versions 3.0.0 through 4.1.1, consider restricting access to the vulnerable scripts
extcap/nrf sniffer ble.py, extcap/nrf sniffer ble.sh, and files within extcap/SnifferAPI/ to prevent code execution by attackers.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nrf Sniffer For Bluetooth Le