CVE-2018-10910

Published: Jan 28, 2019Modified: Nov 21, 2024

3.3

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Affected (2)

Products: Bluez: Bluez · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bluez Bluez	Before 5.51

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 18.04

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910

Source: secalert@redhat.com

ExploitIssue TrackingPatchThird Party Advisory

https://usn.ubuntu.com/3856-1/

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://usn.ubuntu.com/3856-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.