MEDIUM🇬🇧 English

CVE-2022-24695

CVSS 4.3v3.1pub. 2023-06-02upd. 2025-01-10

Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Bluetooth Core Specification

    APP
    Bluetooth
    ≤ 5.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-25836HIGH7.5ten sam produkt

Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated ...

CVE-2022-25837HIGH7.5ten sam produkt

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to ac...

CVE-2020-26556HIGH7.5ten sam produkt

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a su...

CVE-2023-24023MEDIUM6.8ten sam produkt

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specifica...

CVE-2020-35473MEDIUM4.3ten sam produkt

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core...