Information disclosure in ConnMan - CVE-2012-6459

 

Information disclosure in ConnMan - CVE-2012-6459

Published: February 12, 2021


Vulnerability identifier: #VU50671
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-6459
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: kernel.org
Affected software:
ConnMan

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets.


How to mitigate CVE-2012-6459

Install updates from vendor's website.

Sources