QwikSec

Security Database

CVE

CWE

Training

CVE-2023-45866

Published: Dec 8, 2023

Modified: Nov 4, 2025

PUBLISHED

Description

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bluetooth.com

http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog

https://github.com/skysafe/reblog/tree/main/cve-2023-45866

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675

FEDORA-2023-6a3fe615d3

vendor-advisory

FEDORA-2023-26a02512e1

vendor-advisory

https://support.apple.com/kb/HT214036

https://support.apple.com/kb/HT214035

20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2

mailing-list

20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2

mailing-list

[debian-lts-announce] 20231215 [SECURITY] [DLA 3689-1] bluez security update

mailing-list

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.