CVE-2017-1000250 — MEDIUM (6.5)

Q: How severe is CVE-2017-1000250?

CVE-2017-1000250 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-1000250?

Check the references section above for vendor advisories and patch information. Affected products include: Bluez Bluez.

Vulnerability Description

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Bluez	Bluez	<= 5.46

Related Weaknesses (CWE)

CWE-200

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://www.debian.org/security/2017/dsa-3972
http://www.securityfocus.com/bid/100814Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2685
https://access.redhat.com/security/vulnerabilities/blueborneNot Applicable
https://www.armis.com/blueborneExploitTechnical DescriptionThird Party Advisory
https://www.kb.cert.org/vuls/id/240311Third Party AdvisoryUS Government Resource
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne
https://access.redhat.com/security/cve/CVE-2017-1000250Issue TrackingThird Party AdvisoryVDB Entry
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://www.debian.org/security/2017/dsa-3972
http://www.securityfocus.com/bid/100814Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2685
https://access.redhat.com/security/vulnerabilities/blueborneNot Applicable
https://www.armis.com/blueborneExploitTechnical DescriptionThird Party Advisory

FAQ

What is CVE-2017-1000250?

CVE-2017-1000250 is a vulnerability with a CVSS score of 6.5 (MEDIUM). All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd pro...

How severe is CVE-2017-1000250?

CVE-2017-1000250 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-1000250?

Check the references section above for vendor advisories and patch information. Affected products include: Bluez Bluez.