Vulnerability Details : CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
Products affected by CVE-2023-24023
- cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
- Bluetooth » Bluetooth Core Specification, versions from 4.2 (inclusive) up to and including 5.4: cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-24023
- EPSS score: 0.42% (probability of exploitation activity in the next 30 days)
- Percentile: ~74% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2023-24023
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.4 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N | 1.2 | 5.2 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-08-01
6.8 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 1.6 | 5.2 | NIST |
References for CVE-2023-24023
- https://dl.acm.org/doi/10.1145/3576915.3623066 (BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses | Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security): Technical Description; Third Party Advisory
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/ (Security Notice | Bluetooth® Technology Website): Vendor Advisory