CVE-2017-8628 — Corporation Microsoft Bluetooth Driver vulnerability

18 documents10 sources

Severity

6.8MEDIUMNVD

EPSS

0.5%

top 35.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Bluetooth Driver Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems +16 more

Timeline

PublishedSep 13

Latest updateFeb 5

Description

Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability".

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2

Affected Packages19 packages

▶NVDmicrosoft/windows_101511, 1607, 1703+2

▶CVEListV5microsoft_corporation/microsoft_bluetooth_driverWindows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703.

▶msrcmsrc/windows_server_2008_for_32-bit_systems_service_pack_2

▶msrcmsrc/windows_server_2008_for_x64-based_systems_service_pack_2

▶msrcmsrc/windows_server_2008_for_itanium-based_systems_service_pack_2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-393v-ghcr-3x2m: Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Microsoft Bluetooth Driver Spoofing Vulnerability↗2017-09-12

▶

🕵️Threat Intelligence

Tenable

Protecting Your Bluetooth Devices from BlueBorne↗2017-09-15

▶

Tenable

Protecting Your Bluetooth Devices from BlueBorne↗2017-09-15

▶

Fortinet

BlueBorne May Affect Billions of Bluetooth Devices↗2017-09-14

▶

Trendmicro

September Patch Tuesday Fixes MS Office Zero-Day↗2017-09-13

▶

Trendmicro

September Patch Tuesday Fixes MS Office Zero-Day↗2017-09-13

▶

📄Research Papers

arXiv

Threat Modelling in Internet of Things (IoT) Environment Using Dynamic Attack Graphs↗2024-02-05

▶