← back
CVE-2022-24695

CVE-2022-24695

CVSS 4.3 MEDIUMEPSS 0.4%CWE-203
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
02 Jun 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://sp2023.ieee-security.org/program-papers.htmlhttps://www.bluetooth.com/specifications/specs/core-specification/https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM