CVE-2022-24695
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/06/2023
Last modified:
10/01/2025
Description
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:* | 5.3 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://sp2023.ieee-security.org/program-papers.html
- https://www.bluetooth.com/specifications/specs/core-specification/
- https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
- https://sp2023.ieee-security.org/program-papers.html
- https://www.bluetooth.com/specifications/specs/core-specification/
- https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM