CVE-2022-24695
CVE-2022-24695 is a medium-severity vulnerability in Bluetooth Bluetooth Core Specification with a CVSS 3.x base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-203.
Key facts
- Severity: Medium (CVSS 3.x base score 4.3)
- EPSS exploit prediction: 0% (33rd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-203
- Affected product: Bluetooth Bluetooth Core Specification
- Published:
- Last modified:
Description
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.
Frequently asked questions
- What is CVE-2022-24695?
- Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.
- How severe is CVE-2022-24695?
- CVE-2022-24695 has a CVSS 3.x base score of 4.3, rated medium severity. It is exploitable over an adjacent network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2022-24695 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (33rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-24695?
- CVE-2022-24695 affects Bluetooth Bluetooth Core Specification. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-24695?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-24695 published?
- CVE-2022-24695 was published on 2023-06-02 and last updated on 2026-06-17.
References
- https://sp2023.ieee-security.org/program-papers.html
- https://www.bluetooth.com/specifications/specs/core-specification/
- https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM
Affected products (1)
- cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*
More vulnerabilities in Bluetooth Bluetooth Core Specification
- CVE-2022-25837 — High (CVSS 7.5): Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire…
- CVE-2022-25836 — High (CVSS 7.5): Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to…
- CVE-2020-26556 — High (CVSS 7.5): Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful…
- CVE-2023-24023 — Medium (CVSS 6.8): Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2…
- CVE-2020-15802 — Medium (CVSS 5.9): Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key…
- CVE-2020-26555 — Medium (CVSS 5.4): Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated…
All CVEs affecting Bluetooth Bluetooth Core Specification →
Other CWE-203 (Observable Discrepancy) vulnerabilities
- CVE-2019-25337 — Critical (CVSS 9.8): OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by…
- CVE-2026-23519 — Critical (CVSS 9.8): RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in…
- CVE-2025-27667 — Critical (CVSS 9.8): Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative…
- CVE-2024-25714 — Critical (CVSS 9.8): In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel…
- CVE-2024-25191 — Critical (CVSS 9.8): php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass…
- CVE-2024-25190 — Critical (CVSS 9.8): l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass…
Browse all CWE-203 (Observable Discrepancy) vulnerabilities →