CVE-2024-8805

CVSS 3.0 Score 8.8 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 284

Summary

CVE-2024-8805 is a remote code execution vulnerability affecting the BlueZ HID over GATT Profile. This issue allows network-adjacent attackers to execute arbitrary code on vulnerable systems without requiring authentication. The vulnerability arises due to insufficient access control checks in the implementation of the HID over GATT Profile. An attacker can exploit this flaw to gain code execution privileges in the context of the current user. This vulnerability, identified as ZDI-CAN-25177, poses a significant risk to affected installations of BlueZ.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share