CVE-2018-10910 — Incorrect Authorization in Bluez
Severity
3.3 LOW (NVD)
EPSS
0.1%
top 82.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 28
Latest update: May 13
Description
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4
Affected Packages: 4 packages
Also affects: Ubuntu Linux 18.04
Patches
Vulnerability Details (2)
GHSA
GHSA-62rf-fp64-gxpc: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system (2022-05-13)
OSV
CVE-2018-10910: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system (2019-01-28)
Vendor Advisories (3)
Community (3)
Bugzilla
CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7 (2019-06-12)
Bugzilla
CVE-2018-10910 bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices [fedora-all] (2018-07-20)
Bugzilla
CVE-2018-10910 bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices (2018-07-20)