VDB
CISA-2023-24023
CISA-2023-24023
PUBLISHED
CVSS 6.4 MEDIUM
Reported by mitre · Published November 28, 2023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
Risk Scores
CVSS 3.1
6.4
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| bluetooth | bluetooth_core_specification | 4.2, 4.2 |
| n/a | n/a | n/a, n/a |
Timeline
- Nov 28, 2023 CVE Published
- Aug 2, 2024 CVE Updated