CVE-2022-24695
Summary
| CVE | CVE-2022-24695 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-02 12:15:00 UTC |
| Updated | 2023-06-16 17:55:00 UTC |
| Description | Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bluetooth | Bluetooth Core Specification | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Specifications | Bluetooth® Technology Website | MISC | www.bluetooth.com | |
| CSDL | IEEE Computer Society | MISC | www.computer.org | |
| IEEE Symposium on Security and Privacy 2023 | MISC | sp2023.ieee-security.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.