BT: Encryption Procedure Vulnerability Exposes Customer Data
CVE-2024-5754

8.2 HIGH

Key Information:

Status
Vendor
CVE Published: 13 September 2024

What is CVE-2024-5754?

The vulnerability in Zephyr RTOS is a flaw in the host side of the Bluetooth (BT) encryption procedure that could allow unauthorized access to, or modification of, encrypted data. This could lead to serious breaches of data integrity and compromise the security of connected devices. It is crucial for users and developers to apply the latest updates and patches to safeguard against exploitation of this vulnerability.

Affected Version(s)

Zephyr * <= 3.6

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
