
CVE-2023-45866 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2023-45866?

CVE-2023-45866 is a medium-severity vulnerability affecting Bluetooth HID Hosts in systems running BlueZ, such as Ubuntu 22.04 LTS with the bluez 5.64-0ubuntu1 package. It allows an unauthenticated peripheral-role HID device to initiate and establish an encrypted connection, potentially permitting the injection of HID messages without user interaction. The issue has been addressed in various software updates, including iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2, with improved checks to prevent unauthorized access and keystroke injection.

Who is impacted?

CVE-2023-45866 affects users of Bluetooth HID Hosts in BlueZ, particularly those using the affected package bluez 5.64-0ubuntu1 in Ubuntu 22.04 LTS. Also affected are users of iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later, as well as macOS Sonoma users. The vulnerability may allow unauthorized access and keystroke injection on these systems.

What to do if CVE-2023-45866 affected you

If you're affected by the CVE-2023-45866 vulnerability, it's crucial to take action to protect your devices and data. Start by updating your software to the latest versions, such as iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2. Additionally, follow security best practices, like regularly updating your devices and adhering to recommendations from vendors like Apple.

  1. Check if your device is affected by the vulnerability.

  2. Update your software to the latest version (e.g., iOS 17.2, iPadOS 17.2, macOS Sonoma 14.2).

  3. Regularly check for and install software updates.

  4. Follow security best practices and vendor recommendations.
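For step 1 on a BlueZ host, the following is an added example (not code from the original page or from the BlueZ project) that reports the installed `bluez` package version and the HID bonding policy. It assumes BlueZ's `ClassicBondedOnly` option in `/etc/bluetooth/input.conf`, which the page does not mention, is the relevant host-side control; the function names and the demo file are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a BlueZ host for CVE-2023-45866 exposure (defensive check).
AFFECTED_BLUEZ="5.64-0ubuntu1"   # affected Ubuntu 22.04 package named in the advisory

# classic_bonded_only FILE: print the [General] ClassicBondedOnly value, or "unset".
classic_bonded_only() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                       # commented-out settings do not count
        /^[ \t]*\[/   { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        sec == "General" {
            split($0, kv, "=")
            key = kv[1]; gsub(/[ \t]/, "", key)
            if (key == "ClassicBondedOnly") { val = kv[2]; gsub(/[ \t\r]/, "", val); found = val }
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# assess VERSION CONF: one-line verdict for a bluez version and input.conf path.
assess() {
    cbo=$(classic_bonded_only "$2")
    case "$cbo" in
        true|1)  echo "hardened: ClassicBondedOnly=$cbo, HID limited to bonded devices (bluez $1)" ;;
        false|0) echo "exposed: ClassicBondedOnly=$cbo, HID accepted from unbonded devices (bluez $1)" ;;
        *) if [ "$1" = "$AFFECTED_BLUEZ" ]; then
               echo "review: bluez $1 is the affected version and ClassicBondedOnly is unset"
           else
               echo "review: ClassicBondedOnly unset, confirm bluez $1 includes the vendor fix"
           fi ;;
    esac
}

# check_host [CONF]: run the assessment against the live system (Debian/Ubuntu).
check_host() {
    ver=$(dpkg-query -W -f='${Version}' bluez 2>/dev/null) || ver="not-installed"
    assess "$ver" "${1:-/etc/bluetooth/input.conf}"
}

# Demo on a constructed input.conf, so the script runs offline.
demo=$(mktemp)
printf '%s\n' '[General]' '#ClassicBondedOnly=true' 'UserspaceHID=true' > "$demo"
assess "$AFFECTED_BLUEZ" "$demo"      # the commented-out setting is reported as unset
rm -f "$demo"
```

Call `check_host` on the machine being assessed; a "review" verdict means the effective policy depends on the default built into the installed BlueZ, so the package must be checked against the vendor's security notice.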

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-45866 is not listed in CISA's Known Exploited Vulnerabilities Catalog. It affects Bluetooth HID Hosts in systems running BlueZ, such as Ubuntu 22.04 LTS with the bluez 5.64-0ubuntu1 package. To protect your devices and data, update your software to the latest versions, like iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2, and follow security best practices.

Weakness Enumeration

This vulnerability is classified as CWE-287 (Improper Authentication), here affecting Bluetooth HID Hosts.

Learn More

CVE-2023-45866 is a medium-severity vulnerability affecting Bluetooth HID Hosts in systems like Ubuntu 22.04 LTS with the bluez 5.64-0ubuntu1 package. To protect your devices and data, update your software and follow security best practices. For more details on the vulnerability, visit the NVD page or refer to the sources below.
