Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-24695

Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.

Published

2023-06-02T12:15:09.243

Last Modified

2025-01-10T19:15:28.910

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-203

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bluetooth	bluetooth_core_specification	≤ 5.3	Yes

References

https://sp2023.ieee-security.org/program-papers.html Technical Description ([email protected])
https://www.bluetooth.com/specifications/specs/core-specification/ Product ([email protected])
https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM Technical Description ([email protected])
https://sp2023.ieee-security.org/program-papers.html Technical Description (af854a3a-2127-422b-91ae-364da2661108)
https://www.bluetooth.com/specifications/specs/core-specification/ Product (af854a3a-2127-422b-91ae-364da2661108)
https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM Technical Description (af854a3a-2127-422b-91ae-364da2661108)