CVE-2021-1684 PUBLISHED CVSS 5 MEDIUM

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key.

EPSS 3.66% · 87.8th percentile

Risk Scores

CVSS v3.1: 5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
EPSS Score: 3.66% (87.8th percentile)

Affected Products

Vendor | Product | Versions
Microsoft | Windows 8.1 | 6.3.0
microsoft | windows_server_2016 | 1909, 20h2, 2004
Microsoft | Windows 10 Version 1803 | 10.0.0
microsoft | windows_10 | *, 2004, 1909
Microsoft | Windows 10 Version 1809 | 10.0.0
Microsoft | Windows Server version 20H2 | 10.0.0
Microsoft | Windows 10 Version 20H2 | 10.0.0
Microsoft | Windows Server 2016 | 10.0.0
Microsoft | Windows Server 2012 R2 | 6.3.0
Microsoft | Windows Server 2019 (Server Core installation) | 10.0.0
Microsoft | Windows Server 2012 R2 (Server Core installation) | 6.3.0
Microsoft | Windows Server 2016 (Server Core installation) | 10.0.0
Microsoft | Windows Server, version 1909 (Server Core installation) | 10.0.0
Microsoft | Windows Server 2019 | 10.0.0
Microsoft | Windows 10 Version 1507 | 10.0.0
Microsoft | Windows 10 Version 1909 | 10.0.0
microsoft | windows_server_2012 | r2
microsoft | windows_8.1 |
Microsoft | Windows 10 Version 2004 | 10.0.0
Microsoft | Windows 10 Version 1607 | 10.0.0

…and 3 more
