CVE-2021-1684: Microsoft Windows 10 Version 1507 vulnerability

4 documents, 4 sources

Severity: 5.5 MEDIUM (NVD) | CNA: 5.0
EPSS: 3.7% (top 12.11%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 12
Latest update: May 24

Description

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (15 packages)

CVEListV5 | microsoft/windows_8.1 | 6.3.0 | publication
CVEListV5 | microsoft/windows_server_2016 | 10.0.0 | publication
CVEListV5 | microsoft/windows_server_2019 | 10.0.0 | publication
CVEListV5 | microsoft/windows_server_2012_r2 | 6.3.0 | publication
CVEListV5 | microsoft/windows_10_version_1507 | 10.0.0 | publication

🔴 Vulnerability Details (2)

GHSA: GHSA-x98w-2qjj-5g5p: Windows Bluetooth Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2021-1638, CVE-2021-1683. (2022-05-24)
CVEList: Windows Bluetooth Security Feature Bypass Vulnerability (2021-01-12)

📋 Vendor Advisories (1)

Microsoft: Windows Bluetooth Security Feature Bypass Vulnerability (2021-01-12)