CVE-2023-42555

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 7, 2023

Updated: Nov 15, 2023

Summary

CVE-2023-42555 is a vulnerability affecting EasySetup versions prior to 11.1.13. This issue involves the use of implicit intent for sensitive communication, allowing attackers to obtain the Bluetooth address of a user's device. This vulnerability could potentially enable unauthorized access or information disclosure, making it a significant security concern for users of EasySetup. Attackers can exploit this flaw to gain crucial information needed to carry out further attacks or establish unsecured connections. Users are strongly advised to update to the latest version of EasySetup to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sqI43q
https://www.cve.org/CVERecord?id=CVE-2023-42555
https://nvd.nist.gov/vuln/detail/CVE-2023-42555

Back to Vulnerability Database

CVE-2023-42555

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations