History: Dec 08, 2023 - 6:15 a.m.

CVE-2023-45866

2023-12-08 06:15:45
CWE-287
mitre
web.nvd.nist.gov
Tags: cve, bluez, bluetooth, hid, peripheral role, ubuntu, cve-2023-45866, nvd, security, vulnerability, encryption, injection, hid messages

CVSS3: 6.3
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score: 6.9
Confidence: High

EPSS: 0.001
Percentile: 42.3%

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Affected configurations

Nvd
Node
  bluproducts dash Match 3.5
  AND
  google android Match 4.2.2
Node
  google nexus_5 Match -
  AND
  google android Match 6.0.1
Node
  google pixel_2 Match -
  AND
  google android Match 10.0
  OR
  google android Match 11.0
Node
  google pixel_4a Match -
  OR
  google pixel_6 Match -
  AND
  google android Match 13.0
Node
  google pixel_7 Match -
  AND
  google android Match 14.0
Node
  canonical ubuntu_linux Match 18.04lts
  OR
  canonical ubuntu_linux Match 20.04-
  OR
  canonical ubuntu_linux Match 22.04lts
  OR
  canonical ubuntu_linux Match 23.10
Node
  apple iphone_se Match -
  AND
  apple iphone_os Match 16.6
Node
  apple macbook_air Match 2017
  AND
  apple macos Match 12.6.7
Node
  apple macbook_pro Match m2
  AND
  apple macos Match 13.3.3
Node
  fedoraproject fedora Match 38
  OR
  fedoraproject fedora Match 39
Node
  apple ipad_os Range <17.2
  OR
  apple iphone_os Range <17.2
  OR
  apple macos Range 14.0–14.2
Node
  debian debian_linux Match 10.0

Vendor       Product   Version  CPE
bluproducts  dash      3.5      cpe:2.3:h:bluproducts:dash:3.5:*:*:*:*:*:*:*
google       android   4.2.2    cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
google       nexus_5   -        cpe:2.3:h:google:nexus_5:-:*:*:*:*:*:*:*
google       android   6.0.1    cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
google       pixel_2   -        cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*
google       android   10.0     cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
google       android   11.0     cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
google       pixel_4a  -        cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*
google       pixel_6   -        cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*
google       android   13.0     cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*