CWE
287
Advisory Published
CVE Published
Updated

CVE-2023-45866

First published: Mon Dec 04 2023(Updated: )

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Credit: Marc Newlin SkySafeMarc Newlin SkySafe cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
debian/bluez<=5.55-3.1<=5.66-1<=5.70-1
5.70-1.1~exp0
5.70-1.1
5.66-1+deb12u1
5.55-3.1+deb11u1
Apple iOS
Apple macOS
Android Android=4.2.2-10
Linux Linux
Ubuntu Ubuntu=18.04
Ubuntu Ubuntu=20.04
Ubuntu Ubuntu=22.04
Ubuntu Ubuntu=23.10
ubuntu/bluez<5.37-0ubuntu5.3+
5.37-0ubuntu5.3+
ubuntu/bluez<5.48-0ubuntu3.9+
5.48-0ubuntu3.9+
ubuntu/bluez<5.53-0ubuntu3.7
5.53-0ubuntu3.7
ubuntu/bluez<5.64-0ubuntu1.1
5.64-0ubuntu1.1
ubuntu/bluez<5.66-0ubuntu1.1
5.66-0ubuntu1.1
ubuntu/bluez<5.68-0ubuntu1.1
5.68-0ubuntu1.1
debian/bluez<=5.50-1.2~deb10u2
5.50-1.2~deb10u4
5.55-3.1+deb11u1
5.66-1+deb12u1
5.71-1
All of
Google Android=4.2.2
Bluproducts Dash=3.5
All of
Google Android=6.0.1
Google Nexus 5
All of
Any of
Google Android=10.0
Google Android=11.0
Google Pixel 2
All of
Google Android=13.0
Any of
Google Pixel 4a
Google Pixel 6
All of
Google Android=14.0
Google Pixel 7
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
Canonical Ubuntu Linux=22.04
Canonical Ubuntu Linux=23.10
All of
Apple iPhone OS=16.6
Apple Iphone Se
All of
Apple macOS=12.6.7
Apple Macbook Air=2017
All of
Apple macOS=13.3.3
Apple Macbook Pro=m2
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Apple Ipad Os<17.2
Apple iPhone OS<17.2
Apple macOS>=14.0<14.2
Debian Debian Linux=10.0
Apple macOS Sonoma<14.2
14.2
Apple iOS<17.2
17.2
Apple iPadOS<17.2
17.2
Google Android
Apple iPadOS<17.2

Remedy

In `/etc/bluetooth/input.conf` set `ClassicBondedOnly=true` and then `systemctl restart bluetooth`. Setting `ClassicBondedOnly=false` will re-enable legacy device support (like the PS3 controller) and the vulnerability.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2023-45866?

    CVE-2023-45866 is a vulnerability in the HID Profile of multiple Bluetooth host stacks that allows connections without MITM protection and user confirmation.

  • Which software products are affected by CVE-2023-45866?

    CVE-2023-45866 affects Google Android, Apple iOS, Apple macOS, Android 4.2.2-10, Linux, and various versions of Ubuntu with the BlueZ package.

  • What is the severity of CVE-2023-45866?

    CVE-2023-45866 has a severity level of critical with a severity value of 9.

  • How can I mitigate CVE-2023-45866 on Ubuntu?

    To mitigate CVE-2023-45866 on Ubuntu, update the BlueZ package to version 5.37-0ubuntu5.3+ (for Ubuntu 18.04), version 5.48-0ubuntu3.9+ (for Ubuntu 20.04), version 5.53-0ubuntu3.7 (for Ubuntu 21.04), version 5.64-0ubuntu1.1 (for Ubuntu 23.10), or version 5.66-0ubuntu1.1 (for Ubuntu 24.04).

  • Where can I find more information about CVE-2023-45866?

    You can find more information about CVE-2023-45866 in the Android Security Bulletin for December 2023, the GitHub repository 'skysafe/reblog', and the MITRE CVE database.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203