CVE-2018-10910 MEDIUM

CVE-2018-10910

Vendor The Bluez Project
Product bluez
Weakness CWE-863 · Incorrect authorization
Published January 28, 2019
Last update August 5, 2024

CVSS base score

4.5/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Key dates

02Disclosure timeline

January 28, 2019 CVE published
August 5, 2024 Record updated