Lucene search

K
nvd[email protected]NVD:CVE-2023-27964
HistoryJun 23, 2023 - 6:15 p.m.

CVE-2023-27964

2023-06-2318:15:11
CWE-290
web.nvd.nist.gov
4
authentication
airpods
bluetooth
vulnerability
state management
spoofing
firmware update

CVSS3

5.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0

Percentile

12.7%

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.

Affected configurations

Nvd
Node
appleairpods_firmwareMatch5e133
VendorProductVersionCPE
appleairpods_firmware5e133cpe:2.3:o:apple:airpods_firmware:5e133:*:*:*:*:*:*:*

CVSS3

5.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0

Percentile

12.7%

Related for NVD:CVE-2023-27964