Lucene search

[email protected]CVE-2023-27964

HistoryJun 23, 2023 - 6:15 p.m.

CVE-2023-27964

2023-06-2318:15:11

CWE-290

[email protected]

web.nvd.nist.gov

authentication

state management

airpods

firmware update

cve-2023-27964

nvd

5.4 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4.7 Medium

AI Score

Confidence

High

4.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

12.0%

JSON

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.

CPENameOperatorVersion
apple:airpods_firmwareapple airpods firmwareeq5e133

CPE	Name	Operator	Version
apple:airpods_firmware	apple airpods firmware	eq	5e133

References

support.apple.com/en-us/HT213752

5.4 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4.7 Medium

AI Score

Confidence

High

4.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

12.0%

JSON

Related for CVE-2023-27964

cvelist1 prion1 apple2