Critical Bluetooth Protocol Vulnerabilities Expose Devices to RCE Attacks
gbhackersSecurity researchers have disclosed a critical set of Bluetooth vulnerabilities dubbed “PerfektBlue” that affect millions of vehicles and other devices using OpenSynergy’s BlueSDK framework.
The vulnerabilities can be chained together to achieve remote code execution (RCE) with minimal user interaction, requiring only device pairing to launch successful attacks.
Bluetooth Protocol Vulnerabilities
The PerfektBlue attack leverages four distinct vulnerabilities in the OpenSynergy BlueSDK Bluetooth stack, a framework widely adopted across the automotive sector.
CVE ID | Description | CVSS Score | Severity |
CVE-2024-45434 | Use-After-Free in AVRCP service | 8.0 | Critical |
CVE-2024-45431 | Improper validation of L2CAP channel’s remote CID | 3.5 | Low |
CVE-2024-45433 | Incorrect function termination in RFCOMM | 5.7 | Medium |
CVE-2024-45432 | Function call with incorrect parameter in RFCOMM | 5.7 | Medium |
Major manufacturers including Mercedes-Benz AG, Volkswagen, and Skoda have been confirmed as affected, with researchers noting that the vulnerability extends beyond automotive applications to mobile phones and portable devices.
The attack ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE