CVE-2023-2002

MEDIUM Year: 2023
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-250
View all →

Vulnerability Description

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.

Related Vulnerabilities

CVE-2020-10290

MEDIUM
CVSS:6.8(Medium)

Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the ove...

CWE-2502020

CVE-2022-1744

MEDIUM
CVSS:6.8(Medium)

Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability ...

CWE-2502022

CVE-2023-4003

MEDIUM
CVSS:6.8(Medium)

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution wit...

CWE-2502023

CVE-2022-20676

MEDIUM
CVSS:6.7(Medium)

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This ...

CWE-2502022

CVE-2023-6006

MEDIUM
CVSS:6.7(Medium)

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must have local write access to the C Drive. In addition, Print Archi...

CWE-2502023

CVE-2024-25967

MEDIUM
CVSS:6.7(Medium)

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, lea...

CWE-2502024