← Back

CVE-2023-24023

nvd nist
Published: Nov 28, 2023Modified: Nov 21, 2024

JSON object

Loading...
6.8
Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.6 / Impact: 5.2
Source: NVD

Description

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.

Affected (10)

Bluetooth
1 product
Bluetooth Core Specification
Microsoft
9 products
Windows 10 1809
Windows 10 21h2
Windows 10 22h2
Windows 11 21h2
Windows 11 22h2
Windows 11 23h2
Windows Server 2019
Windows Server 2022
Windows Server 2022 23h2
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Bluetooth Core Specification
From 4.2 to 5.4
Configuration B
9 vulnerable
Vulnerable SoftwareAffected Versions
Windows 10 1809
Before 10.0.17763.5122
Windows 10 21h2
Before 10.0.19043.3693
Windows 10 22h2
Before 10.0.19045.3693
Windows 11 21h2
Before 10.0.22000.2600
Windows 11 22h2
Before 10.0.22621.2715
Windows 11 23h2
Before 10.0.22631.2715
Windows Server 2019
Before 10.0.17763.5122
Windows Server 2022
Before 10.0.20348.2113
Windows Server 2022 23h2
Before 10.0.25398.531

References (4)

Source: cve@mitre.org
Technical DescriptionThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Technical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.