CVE-2023-45866

UNKNOWN

Published 2023-12-08T00:00:00

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-45866. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-qjcj-xg77-6c32

Advisory Details

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-45866

WEB https://bluetooth.com

WEB https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675

WEB https://github.com/skysafe/reblog/tree/main/cve-2023-45866

WEB https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html

WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA

WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ

WEB https://security.gentoo.org/glsa/202401-03

WEB https://support.apple.com/kb/HT214035

WEB https://support.apple.com/kb/HT214036

WEB https://www.debian.org/security/2023/dsa-5584

WEB http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog

WEB http://seclists.org/fulldisclosure/2023/Dec/7

WEB http://seclists.org/fulldisclosure/2023/Dec/9

Advisory provided by GitHub Security Advisory Database. Published: December 8, 2023, Modified: December 12, 2024

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

4 posts

Reddit • 1 week, 3 days ago

crstux

Exploit

🔥 Top 10 Trending CVEs (15/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-49706](https://nvd.nist.gov/vuln/detail/CVE-2025-49706)** - 📝 Microsoft SharePoint Server Spoofing Vulnerability - 📅 **Published:** 08/07/2025 - 📈 **CVSS:** 6.3 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C - 📣 **Mentions:** 3 - 📝 **Analysis:** A SharePoint Server spoofing …

Also mentions: CVE-2025-49706 CVE-2025-49704 CVE-2025-47812 CVE-2025-22224 CVE-2024-27348 CVE-2024-50379 CVE-2020-0556

2.0

View Original High Risk

Reddit • 1 week, 3 days ago

crstux

Exploit

Also mentions: CVE-2025-49706 CVE-2025-49704 CVE-2025-47812 CVE-2025-22224 CVE-2024-27348 CVE-2024-50379 CVE-2020-0556

1.0

View Original High Risk

Reddit • 1 week, 4 days ago

crstux

Payload

🔥 Top 10 Trending CVEs (14/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-25257](https://nvd.nist.gov/vuln/detail/CVE-2025-25257)** - 📝 n/a - 📈 **CVSS:** 0 - 🧭 **Vector:** n/a - ⚠️ **Priority:** n/a - 📝 **Analysis:** No Information available for this CVE at the moment --- **2. [CVE-2025-34085](https://nvd.nist.gov/vuln/detail/CVE-2025-34085)** …

Also mentions: CVE-2025-47812 CVE-2025-34085 CVE-2025-5777 CVE-2025-5959 CVE-2025-48827 CVE-2023-52927 CVE-2024-34470 CVE-2020-0556

4.0

View Original

Reddit • 1 week, 5 days ago

crstux

🔥 Top 10 Trending CVEs (13/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2023-45866](https://nvd.nist.gov/vuln/detail/CVE-2023-45866)** - 📝 Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection …