CVE-2023-46870

HIGH

Nordic Semiconductor nRF Sniffer for Bluetooth LE <4.1.1 - RCE

Title source: llm

Description

extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have set incorrect file permission, which allows attackers to do code execution via modified bash and python scripts.

Exploits (1)

nomisec WRITEUP

by Chapoly1305 · poc

https://github.com/Chapoly1305/CVE-2023-46870

View Code ZIP pw:eip

References (1)

Core 1

Core References

Various Sources

https://github.com/Chapoly1305/CVE-2023-46870

Scores

CVSS v3 7.3

EPSS 0.0016

EPSS Percentile 36.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-276

Status published

Published May 14, 2024

Tracked Since Feb 18, 2026