Vulnerability CVE-2017-1000250


Published: 2017-09-12

Description:
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
2.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Bluez -> Bluez 

 References:
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://www.debian.org/security/2017/dsa-3972
http://www.securityfocus.com/bid/100814
https://access.redhat.com/errata/RHSA-2017:2685
https://access.redhat.com/security/cve/CVE-2017-1000250
https://www.armis.com/blueborne
https://www.kb.cert.org/vuls/id/240311
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

Copyright 2024, cxsecurity.com

 

Back to Top