Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-24023

Published: 28/11/2023 Updated: 01/04/2024
CVSS v3 Base Score: 6.8 | Impact Score: 5.2 | Exploitability Score: 1.6
VMScore: 0
Subscribe to Bluetooth Core Specification

Vulnerability Summary

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 up to and including 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

bluetooth bluetooth core specification

microsoft windows 10 22h2

microsoft windows 11 21h2

microsoft windows 11 22h2

microsoft windows 11 23h2

microsoft windows server 2022 23h2

microsoft windows 10 21h2

microsoft windows 10 1809

microsoft windows server 2019

microsoft windows server 2022

Vendor Advisories

Red Hat:
Description<!---->A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 42 through 54 This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live injection, aka BLUFFSA flaw was fou ...

Github Repositories

https://github.com/francozappa/bluffs

Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) [CVE 2023-24023]

BLUFFS Introduction This repository contains code related to BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses Paper abstract Bluetooth is a pervasive technology for wireless communication Billions of devices use it in sensitive applications and to exchange private data The security of Bluetooth depends on the Bluetooth standard and its two security mechanism

Recent Articles

Weak session keys let snoops take a byte out of your Bluetooth traffic
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources BLUFFS spying flaw present in iPhones, ThinkPad, plenty of chipsets

Multiple Bluetooth chips from major vendors such as Qualcomm, Broadcom, Intel, and Apple are vulnerable to a pair of security flaws that allow a nearby miscreant to impersonate other devices and intercept data. The weaknesses were identified by Daniele Antonioli, an assistant professor at French graduate school and research center EURECOM's software and system security group. He detailed the attack vectors by which the flaws could be exploited in a paper [PDF] titled "BLUFFS: Bluetooth Forward a...

Read more...

References

NVD-CWE-noinfohttps://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/https://dl.acm.org/doi/10.1145/3576915.3623066https://nvd.nist.govhttps://github.com/francozappa/bluffshttps://www.theregister.co.uk/2023/11/30/bluetooth_bluffs_attacks_are_no/https://access.redhat.com/security/cve/cve-2023-24023
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook