Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
References
Link | Resource |
---|---|
https://dl.acm.org/doi/10.1145/3576915.3623066 | Technical Description Third Party Advisory |
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
01 Apr 2024, 15:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* |
|
First Time |
Microsoft windows 11 23h2
Microsoft windows 10 22h2 Microsoft windows Server 2019 Microsoft windows 10 1809 Microsoft windows 11 22h2 Microsoft windows Server 2022 Microsoft windows 10 21h2 Microsoft windows Server 2022 23h2 Microsoft windows 11 21h2 Microsoft |
02 Dec 2023, 04:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
References | () https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/ - Vendor Advisory | |
References | () https://dl.acm.org/doi/10.1145/3576915.3623066 - Technical Description, Third Party Advisory | |
First Time |
Bluetooth
Bluetooth bluetooth Core Specification |
28 Nov 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-28 07:15
Updated : 2024-04-01 15:46
NVD link : CVE-2023-24023
Mitre link : CVE-2023-24023
CVE.ORG link : CVE-2023-24023
JSON object : View
Products Affected
microsoft
- windows_11_23h2
- windows_10_22h2
- windows_11_21h2
- windows_server_2022_23h2
- windows_11_22h2
- windows_server_2019
- windows_server_2022
- windows_10_21h2
- windows_10_1809
bluetooth
- bluetooth_core_specification
CWE