Vulnerability Details : CVE-2018-10910
Potential exploit
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.
Products affected by CVE-2018-10910
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-10910
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~15% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-10910
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
3.3 | LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 | NIST | |
4.5 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.0 | 3.4 | Red Hat, Inc. | |
CWE ids for CVE-2018-10910
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Assigned by: secalert@redhat.com (Primary)
References for CVE-2018-10910
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910
  1606203 – (CVE-2018-10910) CVE-2018-10910 bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices (Exploit; Issue Tracking; Patch; Third Party Advisory)
- https://usn.ubuntu.com/3856-1/
  USN-3856-1: GNOME Bluetooth vulnerability | Ubuntu security notices (Third Party Advisory)