CVSS3: 6.3 Medium
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score: 6.9 Medium
Confidence: Low
EPSS: 0.001 Low
Percentile: 36.5%
bluez is vulnerable to improper authentication. The vulnerability is due to permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. This allows an attacker to gain access and inject a malicious message.
changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog
seclists.org/fulldisclosure/2023/Dec/7
seclists.org/fulldisclosure/2023/Dec/9
bluetooth.com
git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
github.com/skysafe/reblog/tree/main/cve-2023-45866
lists.debian.org/debian-lts-announce/2023/12/msg00011.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/
security-tracker.debian.org/tracker/CVE-2023-45866
security.gentoo.org/glsa/202401-03
support.apple.com/kb/HT214035
support.apple.com/kb/HT214036
www.debian.org/security/2023/dsa-5584