{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-24023", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T10:49:09.028Z", "dateReserved": "2023-01-20T00:00:00", "datePublished": "2023-11-28T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-11-28T06:55:49.765703"}, "descriptions": [{"lang": "en", "value": "Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"}, {"url": "https://dl.acm.org/doi/10.1145/3576915.3623066"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"affected": [{"vendor": "bluetooth", "product": "bluetooth_core_specification", "cpes": ["cpe:2.3:a:bluetooth:bluetooth_core_specification:4.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.2", "status": "affected", "lessThanOrEqual": "5.4", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T03:55:58.358030Z", "id": "CVE-2023-24023", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T13:14:49.093Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:49:09.028Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/", "tags": ["x_transferred"]}, {"url": "https://dl.acm.org/doi/10.1145/3576915.3623066", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-24023", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-01T03:55:58.358030Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:bluetooth:bluetooth_core_specification:4.2:*:*:*:*:*:*:*"], "vendor": "bluetooth", "product": "bluetooth_core_specification", "versions": [{"status": "affected", "version": "4.2", "versionType": "custom", "lessThanOrEqual": "5.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T13:13:02.065Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"}, {"url": "https://dl.acm.org/doi/10.1145/3576915.3623066"}], "descriptions": [{"lang": "en", "value": "Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-11-28T06:55:49.765703"}}}, "cveMetadata": {"cveId": "CVE-2023-24023", "state": "PUBLISHED", "dateUpdated": "2024-08-01T13:14:49.093Z", "dateReserved": "2023-01-20T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-11-28T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDDBC9C6-0387-47F1-B213-3AEAFD6A23C8", "versionEndIncluding": "5.4", "versionStartIncluding": "4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6B89EC5-12A3-457B-A297-B525FA447BA1", "versionEndExcluding": "10.0.17763.5122", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A00D05A-00A8-41B1-8E3A-234DC7C43D16", "versionEndExcluding": "10.0.19043.3693", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "85ABCA53-40C8-452B-8D2F-7AAF3624DCD4", "versionEndExcluding": "10.0.19045.3693", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BCCEFB5-50CD-4D8A-B4A8-16B357367487", "versionEndExcluding": "10.0.22000.2600", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "656DB244-CD92-4288-A4CD-76ED0492D65C", "versionEndExcluding": "10.0.22621.2715", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC26CE6D-0DFD-4642-A806-2A312888A451", "versionEndExcluding": "10.0.22631.2715", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "940B3D77-2D2E-41F3-8450-27AF8BB17F18", "versionEndExcluding": "10.0.17763.5122", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BB96325-BCC0-4C49-AF2A-A12C5CE1D818", "versionEndExcluding": "10.0.20348.2113", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A", "versionEndExcluding": "10.0.25398.531", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS."}, {"lang": "es", "value": "Los dispositivos Bluetooth BR/EDR con emparejamiento simple seguro y emparejamiento de conexiones seguras en las especificaciones principales de Bluetooth 4.2 a 5.4 permiten ciertos ataques de intermediario que fuerzan una longitud de clave corta y pueden llevar al descubrimiento de la clave de cifrado y a la inyecci\u00f3n en vivo, tambi\u00e9n conocido como BLUFFS."}], "id": "CVE-2023-24023", "lastModified": "2024-11-21T07:47:16.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-11-28T07:15:41.340", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://dl.acm.org/doi/10.1145/3576915.3623066"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://dl.acm.org/doi/10.1145/3576915.3623066"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:2950", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.rt7.342.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:3138", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2394", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.13.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2394", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.13.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}], "bugzilla": {"description": "kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses", "id": "2254961", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254961"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-300", "details": ["Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.", "A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live injection, aka BLUFFS."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-24023", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-12-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-24023\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-24023\nhttps://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"], "statement": "The vulnerability identified as CVE-2023-24023, dubbed \"Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS),\" is categorized as having moderate severity due to several factors. While it does allow for potential Man-in-The-Middle (MITM) attacks between paired Bluetooth BR/EDR devices, its impact is somewhat limited by certain conditions. Firstly, successful exploitation requires the attacker to be within wireless range of the vulnerable devices during the encryption procedure initiation. Additionally, the attacker's ability to force a reduction in encryption key length may not guarantee real-time brute-forcing of the key, particularly if it exceeds 7 octets.", "threat_severity": "Moderate"}