CVE-2024-1638
CVSS 3.1 Score 8.2 of 10 (high)
Details
Published Feb 19, 2024
Updated: Feb 20, 2024
CWE ID 20
Summary
CVE-2024-1638 is a vulnerability affecting Bluetooth characteristics that use LE Secure Connection encryption for read or write access. Contrary to specification, if the BT_GATT_PERM_READ_ENCRYPT or BT_GATT_PERM_READ_AUTHEN permissions for reading, or BT_GATT_PERM_WRITE_ENCRYPT and BT_GATT_PERM_WRITE_AUTHEN for writing are not also set, the stack does not enforce any permission checks, allowing unauthorized read and write access even in secure connections only mode. This can potentially lead to data breaches or unintended system modifications.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share