Improper Authentication Vulnerability in Bluetooth Pairing for Samsung Devices
CVE-2024-20803

6.8MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Mobile Devices
Vendor: CVE Published:; 4 January 2024

Summary

An improper authentication vulnerability exists in the Bluetooth pairing process prior to the SMR Jan-2024 Release 1. This flaw allows remote attackers to initiate the pairing process without requiring any user interaction, potentially leading to unauthorized access or control over the Bluetooth-enabled devices. Users should ensure their devices are updated to the latest security patches to mitigate this risk.

Affected Version(s)

Samsung Mobile Devices SMR Jan-2024 Release in Android 11, 12, 13, 14

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 4, 2024
Vulnerability Reserved
Dec 5, 2023