CVE-2018-10910
MEDIUMbluez < 5.51 - Unauthenticated Bluetooth Pairing via Discoverable State
Title source: llmDescription
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3856-1/
Scores
CVSS v3
4.5
EPSS
0.0006
EPSS Percentile
17.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-863
Status
published
Products (2)
bluez/bluez
< 5.51
canonical/ubuntu_linux
18.04
Published
Jan 28, 2019
Tracked Since
Feb 18, 2026