Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mscveMicrosoftMS:CVE-2017-8628
HistorySep 12, 2017 - 7:00 a.m.

Microsoft Bluetooth Driver Spoofing Vulnerability

2017-09-1207:00:00
Microsoft
msrc.microsoft.com
14

6.8 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

A spoofing vulnerability exists in Microsoft’s implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user’s computer to unknowingly route traffic through the attacker’s computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.

To exploit the vulnerability, the attacker needs to be within the physical proximity of the targeted user, and the user’s computer needs to have Bluetooth enabled. The attacker can then initiate a Bluetooth connection to the target computer without the user’s knowledge.

The security update addresses the vulnerability by correcting how Windows handles Bluetooth requests.

Related

symantec 1
openvas 7
prion 1
cve 1
mskb 9
krebs 1
threatpost 2
qualysblog 1
myhack58 2
seebug 1
thn 1
lenovo 2
fortinet 1
cert 1
pentestit 1
nessus 7
kaspersky 2
trendmicroblog 1
talosblog 1
symantec
symantec
Microsoft Windows Bluetooth Driver CVE-2017-8628 Man in the Middle Spoofing Vulnerability
2017-09-12 00:00:00
openvas
openvas
Microsoft Bluetooth Driver Spoofing Vulnerability (KB4034786)
2017-09-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4038777)
2017-09-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4038792)
2017-09-13 00:00:00
prion
prion
Spoofing
2017-09-13 01:29:00
cve
cve
CVE-2017-8628
2017-09-13 01:29:00
mskb
mskb
Security update for the Microsoft Bluetooth driver spoofing vulnerability in Windows Server 2008: September 12, 2017
2017-09-12 07:00:00
July 11, 2017—KB4025337 (Security-only update)
2017-09-12 07:00:00
July 11, 2017—KB4025333 (Security-only update)
2017-09-12 07:00:00
krebs
krebs
Adobe, Microsoft Plug Critical Security Holes
2017-09-13 16:42:30
threatpost
threatpost
Microsoft Patches .NET Zero Day Vulnerability in September Update
2017-09-12 15:59:40
Wireless 'BlueBorne' Attacks Target Billions of Bluetooth Devices
2017-09-12 09:00:09
qualysblog
qualysblog
September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches
2017-09-12 18:23:49
myhack58
myhack58
Bluetooth agreement flaws vulnerability:BlueBorne attack affected the number of 10 million Bluetooth equipped-vulnerability warning-the black bar safety net
2017-09-14 00:00:00
Bluetooth agreement revealed eight major security vulnerability bug, capable of affecting fifty-three billion Bluetooth the efficacy of the equipment-vulnerability warning-the black bar safety net
2017-09-13 00:00:00
seebug
seebug
The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device (BlueBorne)
2017-09-13 00:00:00
thn
thn
BlueBorne: Critical Bluetooth Attack Puts Billions of Devices at Risk of Hacking
2017-09-12 05:52:00
lenovo
lenovo
Bluetooth “BlueBorne” Vulnerabilities - Lenovo Support US
2019-01-23 12:42:26
Bluetooth “BlueBorne” Vulnerabilities - NL
2018-07-19 12:31:00
fortinet
fortinet
BlueBorne vulnerabilities and security flaws in Bluetooth stacks
2017-11-03 00:00:00
cert
cert
Multiple Bluetooth implementation vulnerabilities affect many devices
2017-09-12 00:00:00
pentestit
pentestit
How to: Protect Systems From BlueBorne Attacks?
2017-09-14 21:22:24
nessus
nessus
Windows 2008 September 2017 Multiple Security Updates
2017-09-12 00:00:00
Windows 7 and Windows Server 2008 R2 September 2017 Security Updates
2017-09-12 00:00:00
Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates
2017-09-12 00:00:00
kaspersky
kaspersky
KLA11899 Multiple vulnerabilities in Microsoft Products (ESU)
2017-09-12 00:00:00
KLA11099 Multiple vulnerabilities in Microsoft Windows
2017-09-12 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017
2017-09-15 14:59:53
talosblog
talosblog
Microsoft Patch Tuesday - September 2017
2017-09-12 15:41:00

6.8 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON
Related for MS:CVE-2017-8628
symantec1openvas7prion1cve1mskb9krebs1threatpost2qualysblog1myhack582seebug1thn1lenovo2fortinet1cert1pentestit1nessus7kaspersky2trendmicroblog1talosblog1