How severe is CVE-2022-25837?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-25837?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2022-25837 - HIGH Severity | CVSS 7.5

Vulnerability Description

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.

Related Vulnerabilities

CVE-2018-1128

HIGH

CVSS:7.5(High)

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packe...

CWE-2942018

CVE-2018-17176

HIGH

CVSS:7.5(High)

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be repla...

CWE-2942018

CVE-2018-7356

HIGH

CVSS:7.5(High)

All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attacke...

CWE-2942018

CVE-2019-12393

HIGH

CVSS:7.5(High)

Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.

CWE-2942019

CVE-2019-3915

HIGH

CVSS:7.5(High)

Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept ...

CWE-2942019

CVE-2020-27374

HIGH

CVSS:7.5(High)

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.

CWE-2942020