CVE-2023-26979

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Aug 3, 2023
Updated: Aug 5, 2023
CWE ID 924

Summary

CVE-2023-26979 is a vulnerability found in the BluetensQ device app version 4.3.15 of the Bluetens Electrostimulation Device. This vulnerability allows attackers to perform Man-in-the-Middle attacks on the BLE (Bluetooth Low Energy) channel, giving them the ability to control the intensity of the stimulator by hijacking the BLE communication. The base severity of this vulnerability is rated as LOW, with a base score of 3.1 out of 10. No privileges are required for exploitation, and there is no user interaction needed. The attack vector is through an adjacent network, and the impact on confidentiality is none while integrity impact is low. The exploitability score is 1.6 out of 10, indicating a low level of ease for attackers to exploit this vulnerability. To remediate this issue, users should update their BluetensQ device app to a version that addresses this vulnerability. Organizations using these devices should be aware that if exploited, an attacker could manipulate the intensity settings of the stimulator, potentially causing harm or discomfort to individuals using the device.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-26979 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options