CVE-2018-10910
3.3
LOW
CVSS 3.1
EPSS 0.06%
Description
A bug in BlueZ may allow the Bluetooth Discoverable state to be set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.
How to fix CVE-2018-10910
To remediate CVE-2018-10910, upgrade the affected package to a fixed version listed below.
- Debian/bluez: upgrade to 5.54-1 or later
Is CVE-2018-10910 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 5.54-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 3.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |