CVE-2017-1000250

LOW

Description

All versions of the SDP server in BlueZ 5.46 and earlier contain an information disclosure vulnerability that allows remote attackers to obtain sensitive information from the bluetoothd process memory. The vulnerability lies in the processing of SDP search attribute requests.

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4561

http://www.debian.org/security/2017/dsa-3972

http://www.securityfocus.com/bid/100814

https://access.redhat.com/errata/RHSA-2017:2685

https://access.redhat.com/security/cve/CVE-2017-1000250

https://access.redhat.com/security/vulnerabilities/blueborne

https://www.armis.com/blueborne

https://www.kb.cert.org/vuls/id/240311

https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

Details

Source: MITRE

Published: 2017-09-12

Updated: 2018-02-17

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 3.3

Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 6.5

Severity: LOW

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM