CVE-2024-34722

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Configurations

No configuration.

History

12 Jul 2024, 16:11

Type Values Removed Values Added
CWE CWE-303
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.4

11 Jul 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) En smp_proc_rand de smp_act.cc, existe una posible omisión de autenticación durante el emparejamiento BLE heredado debido a una implementación incorrecta de un protocolo. Esto podría conducir a una escalada remota de privilegios sin necesidad de permisos de ejecución adicionales. La interacción del usuario no es necesaria para la explotación.

09 Jul 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 21:15

Updated : 2024-07-12 16:11


NVD link : CVE-2024-34722

Mitre link : CVE-2024-34722

CVE.ORG link : CVE-2024-34722


JSON object : View

Products Affected

No product.

CWE
CWE-303

Incorrect Implementation of Authentication Algorithm