CVE-2023-24023 — MEDIUM (6.8)

Q: How severe is CVE-2023-24023?

CVE-2023-24023 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-24023?

Check the references section above for vendor advisories and patch information. Affected products include: Bluetooth Bluetooth Core Specification, Microsoft Windows 10 1809, Microsoft Windows 10 21H2, Microsoft Windows 10 22H2, Microsoft Windows 11 21H2.

Vulnerability Description

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Bluetooth	Bluetooth Core Specification	>= 4.2, <= 5.4
Microsoft	Windows 10 1809	< 10.0.17763.5122
Microsoft	Windows 10 21H2	< 10.0.19043.3693
Microsoft	Windows 10 22H2	< 10.0.19045.3693
Microsoft	Windows 11 21H2	< 10.0.22000.2600
Microsoft	Windows 11 22H2	< 10.0.22621.2715
Microsoft	Windows 11 23H2	< 10.0.22631.2715
Microsoft	Windows Server 2019	< 10.0.17763.5122
Microsoft	Windows Server 2022	< 10.0.20348.2113
Microsoft	Windows Server 2022 23H2	< 10.0.25398.531

References

https://dl.acm.org/doi/10.1145/3576915.3623066Technical DescriptionThird Party Advisory
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-securitVendor Advisory
https://dl.acm.org/doi/10.1145/3576915.3623066Technical DescriptionThird Party Advisory
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-securitVendor Advisory

FAQ

What is CVE-2023-24023?

CVE-2023-24023 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length...

How severe is CVE-2023-24023?

CVE-2023-24023 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-24023?

Check the references section above for vendor advisories and patch information. Affected products include: Bluetooth Bluetooth Core Specification, Microsoft Windows 10 1809, Microsoft Windows 10 21H2, Microsoft Windows 10 22H2, Microsoft Windows 11 21H2.