Lucene search

Ubuntu.comUB:CVE-2022-25837

HistoryDec 12, 2022 - 12:00 a.m.

CVE-2022-25837

2022-12-1200:00:00

ubuntu.com

mitm attack

bluetooth pairing

vulnerability

passkey association model

secure connections mode

br/edr legacy pin code

credentials acquisition

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

21.2%

JSON

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may
permit an unauthenticated MITM to acquire credentials with two pairing
devices via adjacent access when at least one device supports BR/EDR Secure
Connections pairing and the other BR/EDR Legacy PIN code pairing if the
MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode
using the Passkey association model with the pairing Initiator and BR/EDR
Legacy PIN code pairing with the pairing Responder and brute forces the
Passkey entered by the user into the Responder as a 6-digit PIN code. The
MITM attacker can use the identified PIN code value as the Passkey value to
complete authentication with the Initiator via Bluetooth pairing method
confusion.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN
ubuntu23.10noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN

Rows per page:

1-10 of 701

References

launchpad.net/bugs/cve/CVE-2022-25837

nvd.nist.gov/vuln/detail/CVE-2022-25837

security-tracker.debian.org/tracker/CVE-2022-25837

www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-br-edr/

www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

www.cve.org/CVERecord?id=CVE-2022-25837

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

21.2%

JSON

Related for UB:CVE-2022-25837