CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.

Published: Nov 28, 2023
Updated: Dec 3, 2023
CVE: CVE-2023-24023
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bluetooth / bluetooth_core_specification	4.2	5.4.x
microsoft / windows_10_22h2	-	10.0.19045.3693
microsoft / windows_11_21h2	-	10.0.22000.2600
microsoft / windows_11_22h2	-	10.0.22621.2715
microsoft / windows_11_23h2	-	10.0.22631.2715
microsoft / windows_server_2022_23h2	-	10.0.25398.531
microsoft / windows_10_21h2	-	10.0.19043.3693
microsoft / windows_10_1809	-	10.0.17763.5122
microsoft / windows_server_2019	-	10.0.17763.5122
microsoft / windows_server_2022	-	10.0.20348.2113

Vulnerability Database

289,571

CVE-2023-24023