CVE-2017-0785

Published: 14/09/2017 Updated: 28/07/2018
CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 302
Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.

Affected Products

Vendor | Product | Versions
Google | Android | 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1, 4.1.2, 4.2, 4.2.1, 4.2.2, 4.3, 4.3.1, 4.4, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 5.0, 5.0.1, 5.0.2, 5.1, 5.1.0, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.0, 7.1.1, 7.1.2, 8.0

Vendor Advisories

Oracle Critical Patch Update Advisory - July 2018. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of September 05, 2017 or later address all of these issues. Refer to the Pixel and Nexus update schedule to learn how to check a device's security patch level. Partners were notified of the issues described in the bulletin at ...
Oracle Critical Patch Update Advisory - January 2018. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...

Github Repositories

Blueborne CVE-2017-0785 This CVE and all the other BlueBorne CVEs are explained here: www.armis.com/blueborne/ This project was a proof of concept for a talk I gave in 2017. It simply performs a scan, prints out probably vulnerable hosts based on MACs and then runs the exploit on the target of your selection (if the device is actually vulnerable you will see a hex print

CVE-2017-0785 PoC This is just a personal study based on the Android information leak vulnerability released by Armis. Further reading: www.armis.com/blueborne/ To run, be sure to have pybluez and pwntools installed: sudo apt-get install bluetooth libbluetooth-dev sudo pip install pybluez sudo pip install pwntools

CVE-2017-0785 PoC This is just a personal study based on the Android information leak vulnerability released by Armis. Further reading: www.facebook.com/khelfatni To run, be sure to have pybluez and pwntools installed: sudo apt-get install bluetooth libbluetooth-dev sudo pip install pybluez sudo pip install pwntools

Blueborne-Vulnerability-Scanner Instructions: sudo apt-get install bluetooth libbluetooth-dev sudo pip install pybluez sudo pip install pwntools git clone github.com/navanchauhan/Blueborne-Vulnerability-Scanner/ cd Blueborne-Vulnerability-Scanner sudo bash scanner.sh If your result is [+] Exploit: Done 00000000 This Means your device is safe from this vulnerabili

diff Simply diff for CVE-2017-0785

shellfish A deployment of the BlueBorne attack vector to execute code on the Bluetooth Stack, opening a TCP/IP shell. NOTICE: I have no idea if/when this will work. This is me attempting to generate a successful BlueBorne-based exploit. My base code is in the following links: this is what I will be modifying to produce a full RCE exploit github.com/ojasookert/CVE-2017-

CVE-2017-0785 Bluetooth module crash This script is a modified version of github.com/ojasookert/CVE-2017-0785. It leaks information via SDP due to out-of-bound bytes, but sending too many packets or search requests causes the Bluetooth module on an Android smartphone above Android 4.0 to crash. This vulnerability may be similar to CVE-2017-0781 in what it achieves. I b

BlueBorne Android Exploit PoC This directory contains a PoC code of BlueBorne's Android RCE vulnerability (CVE-2017-0781). It also uses the SDP Information leak vulnerability (CVE-2017-0785) to bypass ASLR. It achieves code execution on a Google Pixel Android smartphone running version 7.1.2 with Security Patch Level July or August 2017. This code can also be altered a bit

-CVE-2017-0785-BlueBorne-PoC CVE-2017-0785 BlueBorne PoC General Overview: Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spread through the air (airborne) and attacks devices via Bluetooth. Armis h

BlueBorne Join or Ask: Linnebergmai@gmail.com New Full: youtu.be/qTy5aC34GqI BlueBorne: goo.gl/PSDuwY | Youtube: youtu.be/FJGGMyg0W38 Broadpwn: goo.gl/xWC4hg | Youtube: youtu.be/GTb4Y2Y9shw Yalu Jailbreak iOS 10.3.1 : goo.gl/9cSSPU Help PR CVE-2017-0785 STEP 1 Now at this point, I am wondering if Armis left

blueborne Some PoC scripts for the Blueborne vulnerabilities on Android. Contents: crash_service.py: Crashes the remote Bluetooth service using CVE-2017-0781. leak_memory.py: Leaks memory from the remote device using CVE-2017-0785. rce: Complex Remote Code Execution to open a reverse shell with the privileges of the Bluetooth service using both CVE-2017-0781 and CVE-2017-0785

BlueBorne Exploits & Framework This repository contains a PoC code of various exploits for the BlueBorne vulnerabilities. Under android exploits for the Android RCE vulnerability (CVE-2017-0781), and the SDP Information leak vulnerability (CVE-2017-0785) can be found. Under linux-bluez exploits for the Linux-RCE vulnerability (CVE-2017-1000

android712-blueborne Android Blueborne RCE CVE-2017-0781 In November 2017 a company called Armis published a proof of concept (PoC) of a remote code execution vulnerability in Android via Bluetooth (CVE-2017-0781), known as BlueBorne. Although BlueBorne refers to a set of 8 vulnerabilities, this PoC in this article uses only 2 of them to achieve its goal. BlueBorne only require

BlueBorne Exploits & Framework This repository contains a PoC code of various exploits for the BlueBorne vulnerabilities. Under 'android' exploits for the Android RCE vulnerability (CVE-2017-0781), and the SDP Information leak vulnerability (CVE-2017-0785) can be found. Under 'linux-bluez' exploits for the Linux-RCE vulnerability (CVE-2017-1000251) c

Blueborne Android Scanner Greetz shouts to sh3llg0d, an0n_l1t3, daemochi, akatz!!!! Overview: Bluetooth scanner for blueborne-vulnerable devices, Android only for the moment. Quickstart: git clone github.com/hook-s3c/blueborne-scanner.git cd blueborne-scanner sudo chmod +x ./bluebornescan.py pip install -r ./requirements.txt ./bluebornescan.py Breakdown: Scans for local

Pentest-Tools I created this repo to have an overview over my starred repos. I was not able to filter in categories before. Feel free to use it for yourself. Windows Active Directory Pentest General useful Powershell Scripts github.com/SecureThisShit/WinPwn - github.com/dafthack/MailSniper github.com/putterpanda/mimikittenz github.com/dafthack/

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile BitBake Bro C C# C++ CSS CoffeeScript Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask

Awesome CVE PoC A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

BlueBorne Vulnerability Also Affects 20Mil Amazon Echo and Google Home Devices
BleepingComputer • Catalin Cimpanu • 15 Nov 2017

Over 20 million Amazon Echo and Google Home devices running on Android and Linux are vulnerable to attacks via the BlueBorne vulnerability, IoT cyber-security firm Armis announced today.
Both Amazon and Google have issued patches for the affected products, hence today's disclosure from Armis.
BlueBorne is a set of eight vulnerabilities in the Bluetooth implementations deployed on Android, iOS, Microsoft, and Linux. Affected OS makers and several IoT device makers issued updates in mi...

Wireless ‘BlueBorne’ Attacks Target Billions of Bluetooth Devices
Threatpost • Tom Spring • 12 Sep 2017

Researchers disclosed a bevy of Bluetooth vulnerabilities Tuesday that threaten billions of devices from Android and Apple smartphones to millions of printers, smart TVs and IoT devices that use the short-range wireless protocol.
Worse, according to researchers at IoT security firm Armis that found the attack vector, the so-called “BlueBorne” attacks can jump from one nearby Bluetooth device to another wirelessly. It estimates that there are 5.3 billion devices at risk.
“If exp...

BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices
BleepingComputer • Catalin Cimpanu • 12 Sep 2017

Security researchers have discovered eight vulnerabilities — codenamed collectively as BlueBorne — in the Bluetooth implementations used by over 5.3 billion devices.
Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BlueBorne flaws, nor does the attacker need to pair with a target device.
They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, im...