Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10910

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Published

2019-01-28T15:29:00.230

Last Modified

2024-11-21T03:42:16.900

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-863
Type: Secondary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bluez	bluez	< 5.51	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910 Exploit, Issue Tracking, Patch, Third Party Advisory ([email protected])
https://usn.ubuntu.com/3856-1/ Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910 Exploit, Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3856-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)