Bluetooth Vulnerability in Bluez Affects Multiple Versions
CVE-2018-10910

4.5MEDIUM

Key Information:

Vendor: The Bluez Project
Status: Bluez
Vendor: CVE Published:; 28 January 2019

Summary

A vulnerability in the Bluez Bluetooth stack may enable the Discoverable state to be active when no Bluetooth agent is registered with the system. This flaw can facilitate unauthorized pairing attempts of Bluetooth devices, allowing connections without proper authentication. It primarily affects Bluez versions prior to 5.51, posing a potential risk for users who may inadvertently expose their devices to untrusted connections.

Affected Version(s)

bluez before 5.51

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910

x_refsource_CONFIRM

https://usn.ubuntu.com/3856-1/

vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2019
Vulnerability Reserved
May 9, 2018