CVE-2023-45866
bluez - security update
6.3
MEDIUM
CVSS 3.1
EPSS 36.0%
Description
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
How to fix CVE-2023-45866
To remediate CVE-2023-45866, upgrade the affected package to a fixed version below.
- —upgrade to 5.55-3.1+deb11u1 or later
- —upgrade to 5.50-1.2~deb10u4 or later
- —upgrade to 5.55-3.1+deb11u1 or later
Is CVE-2023-45866 being exploited?
Moderate — EPSS is 36.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 5.55-3.1+deb11u1
- from 0, < 5.50-1.2~deb10u4
- from 0, < 5.55-3.1+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.3 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |