CVE-2018-10910

Published: 1/28/2019 Last updated: 8/5/2024 Reserved: 5/9/2018

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.0	4.5	Medium	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Opam packages affected (2)

conf-bluetooth mindstorm

Products affected (1)

Product	Vendor	Version
bluez	The Bluez Project	15.03.06.15

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910
https://usn.ubuntu.com/3856-1/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910
https://usn.ubuntu.com/3856-1/