DEBIAN-CVE-2023-45866
PUBLISHED
CVSS 6.3 MEDIUM
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Risk Scores
CVSS 3.1
6.3
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | bluez | 0, 0, 0 |
| Debian:13 | bluez | 0, 0, 0 |
| Debian:12 | bluez | 0, 5.66-1, 0 |
| Debian:11 | bluez | 5.55-3.1, 0, 5.55-3.1 |
Exploit Intelligence
- EDSEC_BKIF is a keystroke injection tool for Android, Linux, and iOS. With the help of CVE-2023-45866, it grants users unprecedented control over targeted systems, enabling various functions from keystroke injection to advanced system manipulations. (github-poc-repo)
- EDSEC_BKIF is a keystroke injection tool for Android, Linux, and iOS. With the help of CVE-2023-45866, it grants users unprecedented control over targeted systems, enabling various functions from keystroke injection to advanced system manipulations. (github-poc)
- CVE-2023-45866 (github-poc-repo)
- Exploits Tested in Mi A2 Lite and Realme 2 pro (github-poc-repo)
- Chedrian07/CVE-2023-45866-POC (github-poc-repo)
- Exploit based on critical Bluetooth vulnerabilities (CVE-2023-45866, CVE-2024-21306) (github-poc-repo)
- Rust implementation of Marc Newlin's keystroke injection proof of concept (CVE-2023-45866). (github-poc-repo)
- BlueDucky exploits a Bluetooth vulnerability, specifically CVE-2023-45866, which allows an attacker to inject keystrokes into a target device. The attacker's device impersonates a Bluetooth keyboard to establish an encrypted connection without user authorization. The BlueDucky tool automates this process (github-poc-repo)
- 🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard) (github-poc-repo)
- BlueDucky exploits a Bluetooth vulnerability, specifically CVE-2023-45866, which allows an attacker to inject keystrokes into a target device. The attacker's device impersonates a Bluetooth keyboard to establish an encrypted connection without user authorization. The BlueDucky tool automates this process (github-poc)
…and 17 more exploits
Timeline
- Dec 8, 2023 CVE Published
- Apr 28, 2026 CVE Updated