Vulnerability Details : CVE-2022-31463
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.
Vulnerability category: Bypass, Gain privilege
CVE-2022-31463 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Owl Labs Meeting Owl Improper Authentication Vulnerability
CISA required action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description:
Owl Labs Meeting Owl contains an improper authentication vulnerability that does not require a password for Bluetooth commands, as only client-side authentication is used.
Notes:
This CVE is currently under review status. The Due Date for remediation has been extended a week to conduct this review. https://resources.owllabs.com/blog/owl-labs-update
Added on
2023-09-18
Action due date
2023-10-16
Exploit prediction scoring system (EPSS) score for CVE-2022-31463
0.08%
Probability of exploitation activity in the next 30 days
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less