How severe is CVE-2022-24695?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2022-24695?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2022-24695 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.

Related Vulnerabilities

CVE-2019-12383

MEDIUM

CVSS:4.3(Medium)

Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my lang...

CWE-2032019

CVE-2020-35473

MEDIUM

CVSS:4.3(Medium)

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specificatio...

CWE-2032020

CVE-2020-6531

MEDIUM

CVSS:4.3(Medium)

Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2032020

CVE-2021-20376

MEDIUM

CVSS:4.3(Medium)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568...

CWE-2032021

CVE-2021-34576

MEDIUM

CVSS:4.3(Medium)

In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third part...

CWE-2032021

CVE-2021-37968

MEDIUM

CVSS:4.3(Medium)

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2032021