openEuler update for bluez
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-45866 CVE-2020-0556 |
| CWE-ID | CWE-20 CWE-264 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system bluez-help Operating systems & Components / Operating system package or component bluez-debuginfo Operating systems & Components / Operating system package or component bluez-libs Operating systems & Components / Operating system package or component bluez-debugsource Operating systems & Components / Operating system package or component bluez-cups Operating systems & Components / Operating system package or component bluez-devel Operating systems & Components / Operating system package or component bluez Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU83831
Risk: Medium
CVSSv3.1: 6.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-45866
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an unspecified vulnerability in Bluetooth implementation. A remote attacker with physical proximity to device can inject keystrokes by spoofing a keyboard and execute arbitrary commands on the system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS SP2
bluez-help: before 5.54-13
bluez-debuginfo: before 5.54-13
bluez-libs: before 5.54-13
bluez-debugsource: before 5.54-13
bluez-cups: before 5.54-13
bluez-devel: before 5.54-13
bluez: before 5.54-13
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1948
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU26047
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0556
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to improper access control in subsystem for BlueZ. A remote attacker on the local network can gain elevated privileges on the target system and cause a denial of service (DoS) condition.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 22.03 LTS SP2
bluez-help: before 5.54-13
bluez-debuginfo: before 5.54-13
bluez-libs: before 5.54-13
bluez-debugsource: before 5.54-13
bluez-cups: before 5.54-13
bluez-devel: before 5.54-13
bluez: before 5.54-13
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1948
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
