AI description
CVE-2023-45866 is an improper authentication vulnerability in the Bluetooth protocol, specifically impacting Bluetooth HID (Human Interface Device) hosts. This vulnerability allows an unauthenticated peripheral HID device, such as a keyboard or mouse, to establish an encrypted connection and potentially inject HID messages without user interaction. Affected systems include those running BlueZ, a Linux Bluetooth stack, notably impacting Ubuntu 22.04LTS with the bluez 5.64-0ubuntu1 package. The vulnerability also affects Android, iOS, macOS, and Linux-based smart TVs with Bluetooth interfaces. Exploitation of this vulnerability could allow attackers to inject keystrokes, potentially leading to data theft or execution of malicious actions on the targeted device. Fixes for this vulnerability have been released in various software updates, including iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2. It's crucial to keep software updated to mitigate the risk posed by CVE-2023-45866. The vulnerability highlights the importance of secure Bluetooth implementations and the need for regular updates to address emerging security flaws.
- Description
- Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 6.3
- Impact score
- 3.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
BlueDucky CVE-2023-45866 تنفيذ (باستخدام DuckyScript) 🔓 اقتران غير مصدق يؤدي إلى تنفيذ التعليمات البرمجية (باستخدام لوحة مفاتيح HID) https://t.co/GNxp2RKZop https://t.co/SRyDFP8Psm
@TareqALhazzaa
2 Mar 2025
1405 Impressions
3 Retweets
35 Likes
11 Bookmarks
0 Replies
0 Quotes
Unpatched Bluetooth Devices are vulnerable to zero-click keystroke injection attacks in Linux, MacOS, Android, and Windows using CVE-2023-45866 Learn how to use this attack and protect yourself these type of attacks at our upcoming Bluetooth Hacking class January 28-30.… https:/
@three_cube
14 Jan 2025
474 Impressions
2 Retweets
14 Likes
6 Bookmarks
1 Reply
0 Quotes
#BlueDucky is still a relevant tool to scan and identify vulnerable #Bluetooth devices to 0-click attack (CVE-2023-45866). Don't postpone updates of your smart gadgets in 2025 Post Credit: Lukas Stefanko #infosec #hacking #hacker #cyberseurity #bugbounty #bugbountytips https:/
@viehgroup
8 Jan 2025
114 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-43405 2 - CVE-2023-45866 3 - CVE-2024-49112 4 - CVE-2024-49113 5 - CVE-2024-4367 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
5 Jan 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📱 BlueDucky (https://t.co/phr4mpbvw9) is still a relevant tool to scan and identify vulnerable #Bluetooth devices (CVE-2023-45866). 🖥 Website: 🔗 Link (https://t.co/niRUEtYwbG) https://t.co/phr4mpbvw9 #NetHunter #InfoSec #CyberSecurity #Hacking
@HackingTeam777
4 Jan 2025
275 Impressions
1 Retweet
5 Likes
2 Bookmarks
0 Replies
0 Quotes
GitHub - pentestfunctions/BlueDucky: 🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) Unauthenticated Peering Leading to Code Execution (Using HID Keyboard) https://t.co/IchNb1z5Zt
@akaclandestine
4 Jan 2025
1577 Impressions
4 Retweets
19 Likes
4 Bookmarks
1 Reply
0 Quotes
📱 BlueDucky is still a relevant tool to scan and identify vulnerable #Bluetooth devices (CVE-2023-45866). Don't postpone updates of your devices in 2025⚠️ 🖥 Website: 🔗 Link https://t.co/phr4mpbvw9 #NetHunter #InfoSec #CyberSecurity #Hacking
@HackingTeam777
4 Jan 2025
1473 Impressions
14 Retweets
61 Likes
23 Bookmarks
0 Replies
0 Quotes
BlueDucky is a powerful tool for exploiting a vulnerability in Bluetooth devices. (CVE-2023-45866) https://t.co/5u7QiGJdbj #Vulnerability #Bluetooth #Hacking #Pentest https://t.co/NJV09aJaUX
@hackingspace
3 Jan 2025
363 Impressions
4 Retweets
6 Likes
5 Bookmarks
0 Replies
0 Quotes
#BlueDucky is still a relevant tool to scan and identify vulnerable #Bluetooth devices (CVE-2023-45866). Don't postpone updates of your devices in 2025 https://t.co/B1jkbNdaNY #NetHunter https://t.co/sZ5pDFAQr3
@androidmalware2
3 Jan 2025
30113 Impressions
147 Retweets
840 Likes
498 Bookmarks
3 Replies
5 Quotes
Discovered 600+ #Bluetooth devices at the airport. Wonder how many of them are patched against Bluetooth pairing vulnerability that leads to 0-click RCE (CVE-2023-45866) #BlueDucky https://t.co/B1jkbNdaNY https://t.co/vLMbEVTdCx
@androidmalware2
14 Dec 2024
10312 Impressions
47 Retweets
209 Likes
97 Bookmarks
4 Replies
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bluproducts:dash:3.5:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "025AACE2-2B3F-4ACD-B187-22ED8CDF8BAF"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:nexus_5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "25DB8689-116F-49B5-91F5-BCBA8854BD42"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63"
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "652F5027-4436-458C-84FD-7AD89B489BAA"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "602CE21C-E1A9-4407-A504-CF4E58F596F5"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:16.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "705DA51B-6A6E-422D-9A22-0DB86836EA0C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone_se:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "91A20702-427E-4876-9DEE-E244F39A2E79"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:12.6.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15DDFC77-1ACB-4092-A1C3-623DE3CC980C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:macbook_air:2017:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B649B9E4-91D9-4712-8E2A-9246E17D19CB"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:13.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CECFF66D-DDF3-4492-85BE-79B57E7AAE9F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:macbook_pro:m2:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F1C6A9E0-6DDD-4E64-97B0-47C69A865C0E"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4117208-4072-4F4C-AC42-97683B6F8FF5",
"versionEndExcluding": "17.2"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00FC779B-E45C-4B34-976F-490C38C22C67",
"versionEndExcluding": "17.2"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD",
"versionEndExcluding": "14.2",
"versionStartIncluding": "14.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
],
"operator": "OR"
}
]
}
]