CVE-2023-26979

Summary

CVE-2023-26979 is a vulnerability found in the BluetensQ device app version 4.3.15 of the Bluetens Electrostimulation Device. This vulnerability allows attackers to perform Man-in-the-Middle attacks on the BLE (Bluetooth Low Energy) channel, giving them the ability to control the intensity of the stimulator by hijacking the BLE communication. The base severity of this vulnerability is rated as LOW, with a base score of 3.1 out of 10. No privileges are required for exploitation, and there is no user interaction needed. The attack vector is through an adjacent network, and the impact on confidentiality is none while integrity impact is low. The exploitability score is 1.6 out of 10, indicating a low level of ease for attackers to exploit this vulnerability. To remediate this issue, users should update their BluetensQ device app to a version that addresses this vulnerability. Organizations using these devices should be aware that if exploited, an attacker could manipulate the intensity settings of the stimulator, potentially causing harm or discomfort to individuals using the device.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.