Vendor: BlueZ
By: Unknown
CVSS: 7.5 (HIGH)
Device Command Injection
CWE: 78
Product Name: BlueZ
Affected Version From: Prior to version 2.25
Affected Version To:
Patch Exists: NO
Related CWE: Unknown
CPE: a:bluez_project:bluez
Metasploit:
Other Scripts:
Platforms Tested: Unknown

BlueZ hidd Device Command Injection Vulnerability

BlueZ hidd contains a device-command-injection vulnerability that allows a remote attacker to gain control of mouse and keyboard HIDs (human interface devices). This enables the attacker to interact with the targeted computer as the logged-in user.

Mitigation:

Upgrade to BlueZ version 2.25 or later to mitigate this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22076/info

BlueZ hidd is prone to a device-command-injection vulnerability.

A remote attacker can exploit this issue to gain control of mouse and keyboard HIDs (human interface devices). This will allow the attacker to interact with the targeted computer in the context of the currently logged-in user.

Versions prior to 2.25 are vulnerable. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29471.tar.gz