| ID |
CVE-2018-10910
|
| Summary |
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:bluez:bluez:5.41:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez:5.41:*:*:*:*:*:*:*
-
cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*
-
cpe:2.3:a:bluez:bluez:5.45:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez:5.45:*:*:*:*:*:*:*
-
cpe:2.3:a:bluez:bluez:5.46:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez:5.46:*:*:*:*:*:*:*
-
cpe:2.3:a:bluez:bluez:5.47:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez:5.47:*:*:*:*:*:*:*
-
cpe:2.3:a:bluez:bluez:5.48:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez:5.48:*:*:*:*:*:*:*
-
cpe:2.3:a:bluez:bluez:5.49:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez:5.49:*:*:*:*:*:*:*
-
cpe:2.3:a:bluez:bluez:5.50:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez:5.50:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
|
| CVSS |
| Base: | 2.1 (as of 09-10-2019 - 23:33) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
NONE |
NONE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
| redhat
via4
|
| advisories | | bugzilla | | id | 1606203 | | title | CVE-2018-10910 bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 7 is installed | | oval | oval:com.redhat.rhba:tst:20150364027 |
| OR | | AND | | comment | bluez is earlier than 0:5.44-6.el7 | | oval | oval:com.redhat.rhsa:tst:20201101001 |
| comment | bluez is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20172685002 |
|
| AND | | comment | bluez-cups is earlier than 0:5.44-6.el7 | | oval | oval:com.redhat.rhsa:tst:20201101003 |
| comment | bluez-cups is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20172685008 |
|
| AND | | comment | bluez-hid2hci is earlier than 0:5.44-6.el7 | | oval | oval:com.redhat.rhsa:tst:20201101005 |
| comment | bluez-hid2hci is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20172685019 |
|
| AND | | comment | bluez-libs is earlier than 0:5.44-6.el7 | | oval | oval:com.redhat.rhsa:tst:20201101007 |
| comment | bluez-libs is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20172685012 |
|
| AND | | comment | bluez-libs-devel is earlier than 0:5.44-6.el7 | | oval | oval:com.redhat.rhsa:tst:20201101009 |
| comment | bluez-libs-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20172685014 |
|
|
|
|
| | rhsa | | id | RHSA-2020:1101 | | released | 2020-03-31 | | severity | Low | | title | RHSA-2020:1101: bluez security update (Low) |
|
| bugzilla | | id | 1606203 | | title | CVE-2018-10910 bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 8 is installed | | oval | oval:com.redhat.rhba:tst:20193384074 |
| OR | | AND | | comment | bluez is earlier than 0:5.50-3.el8 | | oval | oval:com.redhat.rhsa:tst:20201912001 |
| comment | bluez is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20172685002 |
|
| AND | | comment | bluez-cups is earlier than 0:5.50-3.el8 | | oval | oval:com.redhat.rhsa:tst:20201912003 |
| comment | bluez-cups is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20172685008 |
|
| AND | | comment | bluez-debugsource is earlier than 0:5.50-3.el8 | | oval | oval:com.redhat.rhsa:tst:20201912005 |
| comment | bluez-debugsource is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20201912006 |
|
| AND | | comment | bluez-hid2hci is earlier than 0:5.50-3.el8 | | oval | oval:com.redhat.rhsa:tst:20201912007 |
| comment | bluez-hid2hci is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20172685019 |
|
| AND | | comment | bluez-libs is earlier than 0:5.50-3.el8 | | oval | oval:com.redhat.rhsa:tst:20201912009 |
| comment | bluez-libs is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20172685012 |
|
| AND | | comment | bluez-libs-devel is earlier than 0:5.50-3.el8 | | oval | oval:com.redhat.rhsa:tst:20201912011 |
| comment | bluez-libs-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20172685014 |
|
| AND | | comment | bluez-obexd is earlier than 0:5.50-3.el8 | | oval | oval:com.redhat.rhsa:tst:20201912013 |
| comment | bluez-obexd is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20201912014 |
|
|
|
|
| | rhsa | | id | RHSA-2020:1912 | | released | 2020-04-28 | | severity | Low | | title | RHSA-2020:1912: bluez security update (Low) |
|
| | rpms | - bluez-0:5.44-6.el7
- bluez-cups-0:5.44-6.el7
- bluez-debuginfo-0:5.44-6.el7
- bluez-hid2hci-0:5.44-6.el7
- bluez-libs-0:5.44-6.el7
- bluez-libs-devel-0:5.44-6.el7
- bluez-0:5.50-3.el8
- bluez-cups-0:5.50-3.el8
- bluez-cups-debuginfo-0:5.50-3.el8
- bluez-debuginfo-0:5.50-3.el8
- bluez-debugsource-0:5.50-3.el8
- bluez-hid2hci-0:5.50-3.el8
- bluez-hid2hci-debuginfo-0:5.50-3.el8
- bluez-libs-0:5.50-3.el8
- bluez-libs-debuginfo-0:5.50-3.el8
- bluez-libs-devel-0:5.50-3.el8
- bluez-obexd-0:5.50-3.el8
- bluez-obexd-debuginfo-0:5.50-3.el8
|
|
| refmap
via4
|
|
| Last major update |
09-10-2019 - 23:33 |
| Published |
28-01-2019 - 15:29 |
| Last modified |
09-10-2019 - 23:33 |
