Critical Bluetooth Protocol Vulnerabilities Expose Devices to RCE Attacks


Security researchers have disclosed a critical set of Bluetooth vulnerabilities dubbed “PerfektBlue” that affect millions of vehicles and other devices using OpenSynergy’s BlueSDK framework.

The vulnerabilities can be chained together to achieve remote code execution (RCE) with minimal user interaction, requiring only device pairing to launch successful attacks.

Bluetooth Protocol Vulnerabilities

The PerfektBlue attack leverages four distinct vulnerabilities in the OpenSynergy BlueSDK Bluetooth stack, a framework widely adopted across the automotive sector.

| CVE ID | Description | CVSS Score | Severity |
|---|---|---|---|
| CVE-2024-45434 | Use-After-Free in AVRCP service | 8.0 | Critical |
| CVE-2024-45431 | Improper validation of L2CAP channel’s remote CID | 3.5 | Low |
| CVE-2024-45433 | Incorrect function termination in RFCOMM | 5.7 | Medium |
| CVE-2024-45432 | Function call with incorrect parameter in RFCOMM | 5.7 | Medium |

Major manufacturers including Mercedes-Benz AG, Volkswagen, and Skoda have been confirmed as affected, with researchers noting that the vulnerability extends beyond automotive applications to mobile phones and portable devices.

The attack ...


Copyright of this story solely belongs to gbhackers.