Vulnerabilities > CVE-2023-2002 - Incorrect Authorization vulnerability in multiple products

047910
CVSS 6.8 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
HIGH
low complexity
linux
debian
CWE-863

Summary

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.

Vulnerable Configurations

Part Description Count
OS
Linux
5471
OS
Debian
2

Common Weakness Enumeration (CWE)