CVE-2023-35387

FAQ

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.

How could an attacker exploit this vulnerability?

An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component.

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

In order to exploit this vulnerability, the victim must pair with the attacker's Bluetooth device.

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.