Lucene search

RedhatCVE-2021-3658

HistoryMar 02, 2022 - 11:15 p.m.

CVE-2021-3658

2022-03-0223:15:08

CWE-863

redhat

web.nvd.nist.gov

139

cve-2021-3658

bluetoothd

bluez

vulnerability

exposure

nearby attackers

nvd

discoverable status

bluetooth stack

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

36.6%

JSON

bluetoothd from bluez incorrectly saves adapters’ Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.

Affected configurations

Nvd

Vulners

Node

bluezbluezRange<5.61

Node

fedoraprojectfedoraMatch34

VendorProductVersionCPE
bluezbluez*cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bluez	bluez	*	cpe:2.3:a:bluez:bluez::::::::
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*

CNA Affected

[
  {
    "product": "bluez",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixedin - 5.61 and above."
      }
    ]
  }
]