CVE - CVE-2023-45866

CVE-ID
CVE-2023-45866	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://support.apple.com/kb/HT214035 CONFIRM:https://support.apple.com/kb/HT214036 DEBIAN:DSA-5584 URL:https://www.debian.org/security/2023/dsa-5584 FEDORA:FEDORA-2023-26a02512e1 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/ FEDORA:FEDORA-2023-6a3fe615d3 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/ FULLDISC:20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2 URL:http://seclists.org/fulldisclosure/2023/Dec/7 FULLDISC:20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2 URL:http://seclists.org/fulldisclosure/2023/Dec/9 GENTOO:GLSA-202401-03 URL:https://security.gentoo.org/glsa/202401-03 MISC:http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog MISC:https://bluetooth.com MISC:https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 MISC:https://github.com/skysafe/reblog/tree/main/cve-2023-45866 MLIST:[debian-lts-announce] 20231215 [SECURITY] [DLA 3689-1] bluez security update URL:https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html
Assigning CNA
MITRE Corporation
Date Record Created
20231014	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20231014)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)