CVE-2018-10910

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Published: Jan 28, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-10910
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.3
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
bluez / bluez	-	5.51
canonical / ubuntu_linux	18.04	18.04.x

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910
https://usn.ubuntu.com/3856-1/

Vulnerability Database

289,697

CVE-2018-10910