CVE-2018-10910

Опубликовано: 20 июл. 2018

Источник: redhat

CVSS3: 4.5

EPSS Низкий

Описание

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication.

Меры по смягчению последствий

Disable Bluetooth.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	bluez	Not affected
Red Hat Enterprise Linux 7	bluez	Fixed	RHSA-2020:1101	31.03.2020
Red Hat Enterprise Linux 8	bluez	Fixed	RHSA-2020:1912	28.04.2020
Red Hat Enterprise Linux 8	bluez	Fixed	RHSA-2020:1912	28.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-863

https://bugzilla.redhat.com/show_bug.cgi?id=1606203bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices

EPSS

Процентиль: 18%

0.00057

Низкий

4.5 Medium

CVSS3

Связанные уязвимости

CVE-2018-10910

CVSS3: 4.5

ubuntu

около 7 лет назад

CVE-2018-10910

CVSS3: 4.5

nvd

около 7 лет назад

CVE-2018-10910

CVSS3: 4.5

debian

около 7 лет назад

A bug in Bluez may allow for the Bluetooth Discoverable state being se ...

GHSA-62rf-fp64-gxpc

CVSS3: 3.3

github

больше 3 лет назад

ELSA-2020-1912

oracle-oval

почти 6 лет назад

ELSA-2020-1912: bluez security update (LOW)

EPSS

Процентиль: 18%

0.00057

Низкий

4.5 Medium

CVSS3