Tag
#Microsoft Bluetooth Driver
**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.
**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.
**How could an attacker exploit this vulnerability?** An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component.
**Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)?** CVE-2023-24023 is regarding a vulnerability reported to the Bluetooth Special Interest Group (Bluetooth SIG). MITRE assigned this CVE number on behalf of the Bluetooth organization https://www.bluetooth.com/about-us/vision/.
**How could an attacker exploit this vulnerability?** An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component.
**How could an attacker exploit this vulnerability?** An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component.
**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system in order to send and receive radio transmissions.
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
**How could an attacker exploit this vulnerability?** An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component.
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.