Lucene search

K
nvd[email protected]NVD:CVE-2008-4295
HistorySep 27, 2008 - 10:30 a.m.

CVE-2008-4295

2008-09-2710:30:03
CWE-20
web.nvd.nist.gov
4
cve-2008-4295
bluetooth connection
denial of service
remote attackers

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

High

EPSS

0.305

Percentile

97.0%

Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

Affected configurations

Nvd
Node
microsoftwindows_mobileMatch6.0
AND
htcmdaMatch8125
OR
htcwizaMatch200
VendorProductVersionCPE
microsoftwindows_mobile6.0cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*
htcmda8125cpe:2.3:h:htc:mda:8125:*:*:*:*:*:*:*
htcwiza200cpe:2.3:h:htc:wiza:200:*:*:*:*:*:*:*

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

High

EPSS

0.305

Percentile

97.0%

Related for NVD:CVE-2008-4295