CVE-2024-8805

Опубликовано: 22 нояб. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.

Ссылки

https://www.zerodayinitiative.com/advisories/ZDI-24-1229/
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bluez:bluez:5.77:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01922

Низкий

8.8 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo

Связанные уязвимости

CVE-2024-8805

CVSS3: 8.8

ubuntu

около 1 года назад

BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.

CVE-2024-8805

CVSS3: 8.8

debian

около 1 года назад

BlueZ HID over GATT Profile Improper Access Control Remote Code Execut ...

GHSA-7wxw-j8c5-6p5x

CVSS3: 8.8

github

около 1 года назад

BDU:2024-07705

CVSS3: 8.8

fstec

больше 1 года назад

Уязвимость интерфейса HID Profile (Human Interface Device) стека протоколов Bluetooth для ОС Linux BlueZ, позволяющая нарушителю выполнить произвольные команды

SUSE-SU-2025:1449-1

suse-cvrf

9 месяцев назад

Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

EPSS

Процентиль: 83%

0.01922

Низкий

8.8 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo