How severe is CVE-2021-37577?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2021-37577?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2021-37577 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key with the same X coordinate as the offered public key and by reflection of the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. This is a related issue to CVE-2020-26558.

Related Vulnerabilities

CVE-2023-46446

MEDIUM

CVSS:6.8(Medium)

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."

CWE-6392023

CVE-2024-1604

MEDIUM

CVSS:6.8(Medium)

Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available wi...

CWE-6392024

CVE-2023-26237

MEDIUM

CVSS:6.7(Medium)

An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM.

CWE-6392023

CVE-2023-27576

MEDIUM

CVSS:6.7(Medium)

An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the us...

CWE-6392023

CVE-2024-47495

HIGH

CVSS:6.7(Medium)

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in us...

CWE-6392024

CVE-2024-22439

MEDIUM

CVSS:6.9(Medium)

A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. This vulnerability could be exploited to gain privileged access to switches resulting in infor...

CWE-6392024