CVE-2023-24023

{"id": "CVE-2023-24023", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2023-11-28T07:15:41.340", "references": [{"url": "https://dl.acm.org/doi/10.1145/3576915.3623066", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://dl.acm.org/doi/10.1145/3576915.3623066", "tags": ["Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS."}, {"lang": "es", "value": "Los dispositivos Bluetooth BR/EDR con emparejamiento simple seguro y emparejamiento de conexiones seguras en las especificaciones principales de Bluetooth 4.2 a 5.4 permiten ciertos ataques de intermediario que fuerzan una longitud de clave corta y pueden llevar al descubrimiento de la clave de cifrado y a la inyecci\u00f3n en vivo, tambi\u00e9n conocido como BLUFFS."}], "lastModified": "2024-11-21T07:47:16.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDDBC9C6-0387-47F1-B213-3AEAFD6A23C8", "versionEndIncluding": "5.4", "versionStartIncluding": "4.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6B89EC5-12A3-457B-A297-B525FA447BA1", "versionEndExcluding": "10.0.17763.5122"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A00D05A-00A8-41B1-8E3A-234DC7C43D16", "versionEndExcluding": "10.0.19043.3693"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85ABCA53-40C8-452B-8D2F-7AAF3624DCD4", "versionEndExcluding": "10.0.19045.3693"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BCCEFB5-50CD-4D8A-B4A8-16B357367487", "versionEndExcluding": "10.0.22000.2600"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "656DB244-CD92-4288-A4CD-76ED0492D65C", "versionEndExcluding": "10.0.22621.2715"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC26CE6D-0DFD-4642-A806-2A312888A451", "versionEndExcluding": "10.0.22631.2715"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "940B3D77-2D2E-41F3-8450-27AF8BB17F18", "versionEndExcluding": "10.0.17763.5122"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BB96325-BCC0-4C49-AF2A-A12C5CE1D818", "versionEndExcluding": "10.0.20348.2113"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A", "versionEndExcluding": "10.0.25398.531"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}