VDB

CVE-2021-1684

CVE-2021-1684 PUBLISHED CVSS 5 MEDIUM

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key

EPSS 3.66% · 88.1th percentile

Risk Scores

CVSS 3.1
5
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
3.66%
88.1th percentile

Affected Products

VendorProductVersions
MicrosoftWindows 8.16.3.0
microsoftwindows_server_20161909, 20h2, 2004
MicrosoftWindows 10 Version 180310.0.0
microsoftwindows_101803, *, 1607
MicrosoftWindows 10 Version 180910.0.0
MicrosoftWindows Server version 20H210.0.0
MicrosoftWindows 10 Version 20H210.0.0
MicrosoftWindows Server 201610.0.0
MicrosoftWindows Server 2012 R26.3.0
MicrosoftWindows Server 2019 (Server Core installation)10.0.0
MicrosoftWindows Server 2012 R2 (Server Core installation)6.3.0
MicrosoftWindows Server 2016 (Server Core installation)10.0.0
MicrosoftWindows Server, version 1909 (Server Core installation)10.0.0
MicrosoftWindows Server 201910.0.0
MicrosoftWindows 10 Version 150710.0.0
MicrosoftWindows 10 Version 190910.0.0
microsoftwindows_server_2012r2
microsoftwindows_8.1
MicrosoftWindows 10 Version 200410.0.0
MicrosoftWindows 10 Version 160710.0.0

…and 3 more

Timeline

  • Jan 12, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • May 5, 2021 PoC Published
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›