CVE-2023-46447
Publication date 20 January 2024
Last updated 24 July 2024
Ubuntu priority
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| python-asyncssh | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Ignored end of standard support |
Notes
mdeslaur
This CVE was mentioned in the terrapin-attack.com advisory as affecting AsyncSSH, but the CVE number was a typo. This CVE does not affect AsyncSSH.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Adjacent |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |