{
  "threat_severity" : "Low",
  "public_date" : "2018-07-20T18:50:00Z",
  "bugzilla" : {
    "description" : "bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices",
    "id" : "1606203",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1606203"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-863",
  "details" : [ "A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.", "A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication." ],
  "acknowledgement" : "Red Hat would like to thank Chris Marchesi for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-03-31T00:00:00Z",
    "advisory" : "RHSA-2020:1101",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "bluez-0:5.44-6.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-04-28T00:00:00Z",
    "advisory" : "RHSA-2020:1912",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "bluez-0:5.50-3.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-04-28T00:00:00Z",
    "advisory" : "RHSA-2020:1912",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "bluez-0:5.50-3.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "bluez",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-10910\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10910" ],
  "name" : "CVE-2018-10910",
  "mitigation" : {
    "value" : "Disable Bluetooth.",
    "lang" : "en:us"
  },
  "csaw" : false
}