Unauthenticated Injection of HID Messages via Bluetooth HID Hosts in BlueZ
CVE-2023-45866

6.3 MEDIUM

Key Information:

Vendor: BlueZ
Status: Vendor
CVE Published: 8 December 2023

Badges

📈 Trended · 📈 Score: 3,860 · 👾 Exploit Exists · 🟡 Public PoC · 🟣 EPSS 30% · 📰 News Worthy

What is CVE-2023-45866?

CVE-2023-45866 is a vulnerability in BlueZ, the Bluetooth protocol stack that provides Bluetooth support on Linux systems. It allows an unauthenticated Bluetooth Human Interface Device (HID) peripheral to initiate and establish an encrypted connection to the host and then inject HID messages, with no user interaction. In practice this means unauthorized keystroke injection, which compromises the integrity of the host and can be used to carry out further malicious actions.

Technical Details

The issue lies in the Bluetooth HID host handling in BlueZ: an unauthenticated peripheral can connect and send HID keyboard reports without any validation (pairing or bonding) being required by the central device. The flaw is present in specific BlueZ versions, including bluez 5.64-0ubuntu1, the package shipped in Ubuntu 22.04 LTS. It is of particular concern in environments that rely on robust access controls or explicit user approval of new input devices.
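The setting that governs this behaviour in BlueZ is ClassicBondedOnly in the [General] section of the input profile configuration (assumed here to live at /etc/bluetooth/input.conf; the path is a common default, not something this page states). Releases that predate the fix default it to false, so a host accepts HID connections from unbonded classic devices; fixed releases default it to true. The audit helper below is an added example written for this page, not code from BlueZ or from the page's author: it reports the effective value in a given input.conf and runs against constructed sample files so it works offline.

```shell
#!/bin/sh
# Added example (not BlueZ project code): audit whether a BlueZ input.conf
# restricts HID connections to bonded (paired) classic devices.
# Setting: ClassicBondedOnly under [General]; assumed path /etc/bluetooth/input.conf.
# Pre-fix BlueZ defaults to false, fixed BlueZ to true, so an explicit line is
# the most reliable audit signal.

# Print the effective value found in the given input.conf:
#   "true" / "false" -> explicit, uncommented setting in [General]
#   "unset"          -> no explicit setting or file missing; compiled-in default applies
classic_bonded_only() {
    conf="$1"
    [ -r "$conf" ] || { echo "unset"; return 0; }
    # Only honour assignments inside [General]; later assignments win.
    value=$(awk '
        /^[[:space:]]*\[/ { in_general = ($0 ~ /^[[:space:]]*\[General\][[:space:]]*$/); next }
        in_general && /^[[:space:]]*ClassicBondedOnly[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); v = tolower($0)
        }
        END { print v }' "$conf")
    case "$value" in
        true|false) echo "$value" ;;
        *) echo "unset" ;;
    esac
}

# Exit status: 0 = explicitly hardened, 1 = explicitly weakened, 2 = relies on default.
audit_input_conf() {
    case "$(classic_bonded_only "$1")" in
        true)  echo "PASS: $1 sets ClassicBondedOnly=true"; return 0 ;;
        false) echo "FAIL: $1 sets ClassicBondedOnly=false (unbonded HID peripherals may connect)"; return 1 ;;
        *)     echo "WARN: $1 does not set ClassicBondedOnly; effective value depends on the BlueZ version"; return 2 ;;
    esac
}

# Constructed sample configs (not taken from any real system) for a stand-alone run.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/hardened.conf" <<'EOF'
[General]
#IdleTimeout=30
ClassicBondedOnly=true
EOF
cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
[General]
ClassicBondedOnly = false
[Other]
ClassicBondedOnly=true
EOF
cat > "$SAMPLE_DIR/default.conf" <<'EOF'
[General]
#ClassicBondedOnly=true
EOF

for f in hardened weak default; do
    audit_input_conf "$SAMPLE_DIR/$f.conf" || true
done
```

On a real host, replace the sample paths with the actual input.conf and treat both FAIL and WARN on a pre-fix BlueZ package as findings; the WARN case on a fixed release is acceptable because the compiled-in default is already true.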

Potential Impact of CVE-2023-45866

  1. Unauthorized Access and Control: Exploitation can allow attackers to send keystrokes and commands to the system, leading to unauthorized actions that could compromise sensitive data or system integrity.

  2. Data Breaches: By injecting malicious inputs, attackers may retrieve sensitive information or plant malicious software, increasing the risk of data breaches and manipulation of system resources.

  3. User Trust Erosion: The ability of attackers to inject input without user consent undermines trust in Bluetooth technology, a concern that extends across the many industries relying on Bluetooth-enabled devices.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to attacks such as ransomware.

News Articles

Critical Bluetooth security flaw discovered in Google, Apple and Linux devices - SiliconANGLE

Bluetooth Vulnerability Enables Keystroke Injection on Android, Linux, macOS, iOS

Another day, another Bluetooth vulnerability impacting billions of devices worldwide!

This Bluetooth security flaw could be used to hijack Apple and Linux devices

Experts uncover new way to trick devices via Bluetooth

References

EPSS Score

30% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • Vulnerability published

  • 📰 First article discovered by Theregister

  • Vulnerability Reserved
