CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
71.6%
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
Vendor | Product | Version | CPE |
---|---|---|---|
bluetooth | bluetooth_core_specification | * | cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:* |
microsoft | windows_10_1809 | * | cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* |
microsoft | windows_10_21h2 | * | cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* |
microsoft | windows_10_22h2 | * | cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* |
microsoft | windows_11_21h2 | * | cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* |
microsoft | windows_11_22h2 | * | cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* |
microsoft | windows_11_23h2 | * | cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* |
microsoft | windows_server_2019 | * | cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
microsoft | windows_server_2022 | * | cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* |
microsoft | windows_server_2022_23h2 | * | cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* |
More
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
71.6%