VDB
CVE-2021-1684
CVE-2021-1684
PUBLISHED
CVSS 5 MEDIUM
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key
EPSS 3.66% · 88.1th percentile
Risk Scores
CVSS 3.1
5
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
3.66%
88.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 8.1 | 6.3.0 |
| microsoft | windows_server_2016 | 1909, 20h2, 2004 |
| Microsoft | Windows 10 Version 1803 | 10.0.0 |
| microsoft | windows_10 | 1803, *, 1607 |
| Microsoft | Windows 10 Version 1809 | 10.0.0 |
| Microsoft | Windows Server version 20H2 | 10.0.0 |
| Microsoft | Windows 10 Version 20H2 | 10.0.0 |
| Microsoft | Windows Server 2016 | 10.0.0 |
| Microsoft | Windows Server 2012 R2 | 6.3.0 |
| Microsoft | Windows Server 2019 (Server Core installation) | 10.0.0 |
| Microsoft | Windows Server 2012 R2 (Server Core installation) | 6.3.0 |
| Microsoft | Windows Server 2016 (Server Core installation) | 10.0.0 |
| Microsoft | Windows Server, version 1909 (Server Core installation) | 10.0.0 |
| Microsoft | Windows Server 2019 | 10.0.0 |
| Microsoft | Windows 10 Version 1507 | 10.0.0 |
| Microsoft | Windows 10 Version 1909 | 10.0.0 |
| microsoft | windows_server_2012 | r2 |
| microsoft | windows_8.1 | |
| Microsoft | Windows 10 Version 2004 | 10.0.0 |
| Microsoft | Windows 10 Version 1607 | 10.0.0 |
…and 3 more
Timeline
- Jan 12, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- May 5, 2021 PoC Published
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score