CVE-2023-24023

CVSS v3.1 6.8 (Medium)
EPSS 0.33% (72nd percentile)
Affected Products 10
Advisories 23
NVD Status Modified

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.

Weaknesses: CWE-NVD-noinfo
CVE Status: PUBLISHED
NVD Status: Modified
CNA: MITRE
Published Date: 2023-11-28 07:15:41 (9 months ago)
Updated Date: 2024-08-01 14:35:02 (6 weeks ago)

Affected Products

Configuration #1

  Product                       CPE23                                             From    Up To
  Bluetooth Core Specification  cpe:2.3:a:bluetooth:bluetooth_core_specification  >= 4.2  <= 5.4

Configuration #2

  Product                             CPE23                                         From  Up To
  Microsoft Windows 10 1809           cpe:2.3:o:microsoft:windows_10_1809           -     < 10.0.17763.5122
  Microsoft Windows 10 21h2           cpe:2.3:o:microsoft:windows_10_21h2           -     < 10.0.19043.3693
  Microsoft Windows 10 22h2           cpe:2.3:o:microsoft:windows_10_22h2           -     < 10.0.19045.3693
  Microsoft Windows 11 21h2           cpe:2.3:o:microsoft:windows_11_21h2           -     < 10.0.22000.2600
  Microsoft Windows 11 22h2           cpe:2.3:o:microsoft:windows_11_22h2           -     < 10.0.22621.2715
  Microsoft Windows 11 23h2           cpe:2.3:o:microsoft:windows_11_23h2           -     < 10.0.22631.2715
  Microsoft Windows Server 2019       cpe:2.3:o:microsoft:windows_server_2019       -     < 10.0.17763.5122
  Microsoft Windows Server 2022       cpe:2.3:o:microsoft:windows_server_2022       -     < 10.0.20348.2113
  Microsoft Windows Server 2022 23h2  cpe:2.3:o:microsoft:windows_server_2022_23h2  -     < 10.0.25398.531