CVE-2022-24695 — Observable Discrepancy in Core Specification

CWE-203 — Observable Discrepancy4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 90.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bluetooth Core Specification

Timeline

PublishedJun 2

Description

Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶NVDbluetooth/bluetooth_core_specification5.3

🔴Vulnerability Details

GHSA

GHSA-rj66-gv55-x6mr: Bluetooth Classic in Bluetooth Core Specification through 5↗2023-06-02

▶

CVEList

CVE-2022-24695: Bluetooth Classic in Bluetooth Core Specification through 5↗2023-06-02

▶

OSV

CVE-2022-24695: Bluetooth Classic in Bluetooth Core Specification through 5↗2023-06-02

▶