CVE-2023-45866

Published: 08/12/2023 Updated: 05/01/2024
CVSS v3 Base Score: 6.3 | Impact Score: 3.4 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Vulnerable Product

google android 4.2.2

google android 6.0.1

google android 10.0

google android 11.0

google android 13.0

google android 14.0

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

canonical ubuntu linux 22.04

canonical ubuntu linux 23.10

apple iphone_os 16.6

apple macos 12.6.7

apple macos 13.3.3

fedoraproject fedora 38

fedoraproject fedora 39

apple macos

apple iphone os

apple ipad os

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #1057914 bluez: CVE-2023-45866. Package: src:bluez; Maintainer for src:bluez is Debian Bluetooth Maintainers <team+pkg-bluetooth@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Sun, 10 Dec 2023 16:21:04 UTC. Severity: grave. Tags: security, upstream. Found in ver ...
It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to true to make sure that input connections only come from bonded device connections. For the oldstable distribution (bullseye), this prob ...
bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution (CVE-2023-45866) ...
Description: A flaw was found in the HID Profile in BlueZ that opens doors for unauthorized connections, especially by devices like keyboards, to inject keystrokes without user confirmation. BlueZ lacks proper restrictions on non-bonded devices, creating a risk for attackers that are physically close to inject keystrokes and execute arbitrary ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page. Apple security documents reference vulnerabilities by CVE-ID whe ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2. From: Apple Prod ...

Github Repositories

CommandInWiFi: Investigating Command Injection Flaws in WiFi Access Point Storage

CommandInWiFi: Investigating Command Injection Flaws in WiFi Access Point Storage. Inspired by Zero-Click Attacks. Disclaimer: this project is under construction. Purpose of the Code: For testing or educational purposes only. Use ethically and legally. IoT Security Testing: Ideal for IoT Security Engineers for penetration testing to assess device behavior under different n

Hi, My Name is Keyboard. This repository contains proof-of-concept scripts for CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230. Additional details can be found in the blog post. Proof of Concept: Android Keystroke Injection. Description: Force-pairs a virtual Bluetooth keyboard with a vulnerable Android device and injects 10 seconds of tab keypresses. Linux Keystroke Inj

🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)

BlueDucky (Android) 🦆. 🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript). 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard). This is an implementation of the CVE discovered by marcnewlin

Recent Articles

Apple and some Linux distros are open to Bluetooth attack
The Register

Issue has been around since at least 2012

A years-old Bluetooth authentication bypass vulnerability allows miscreants to connect to Apple, Android and Linux devices and inject keystrokes to run arbitrary commands, according to a software engineer at drone technology firm SkySafe. The bug, tracked as CVE-2023-45866, doesn't require any special hardware to exploit, and the attack can be pulled off from a Linux machine using a regular Bluetooth adapter, says Marc Newlin, who found the flaw and reported it to Apple, Google, Canonical, and B...