New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

2023-12-04 13:16

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8)

News URL

https://thehackernews.com/2023/12/new-bluffs-bluetooth-attack-expose.html

#attack #bluetooth #CVE-2023-24023

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-28	CVE-2023-24023	Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. high complexity bluetooth microsoft	6.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Bluetooth		4	0	9	7	0	16