Cyber Resilience

CVE-2023-2002

Medium · Public PoC

Published: 26 May 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 6.8 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
EPSS Score: 0.0059 (69.8th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-2002 is a medium-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Debian Linux. Its CVSS base score is 6.8 (Medium).

Operationally, it ranks in the top 30.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth communication.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

linux / linux kernel: ≤ 6.4
debian / debian linux: 10.0, 11.0

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-863 CWE-250

Periodic review and update of procedures reduces incorrect authorization implementations over time.

addresses: CWE-863 CWE-250

Supervision identifies cases where authorization logic incorrectly permits unauthorized actions.

addresses: CWE-250 CWE-863

Reviewing accounts for compliance, disabling/removing unneeded accounts, and aligning with termination processes prevents execution with unnecessary privileges.

addresses: CWE-863 CWE-250

Periodic review and documentation of connection needs reduces incorrect authorization.

addresses: CWE-863 CWE-250

The control requires correct implementation of authorization specifically tied to change operations.

addresses: CWE-863 CWE-250

Authorization reviews within the risk management program detect and prevent incorrect authorization logic or policy enforcement before systems receive approval to operate.

addresses: CWE-250 CWE-863

Insider threat program enforces least-privilege reviews and monitors privileged actions, directly reducing abuse of unnecessary rights.

addresses: CWE-250 CWE-863

Org-wide risk executive function provides accountability and oversight that directly reduces execution with unnecessary privileges through consistent identification and mitigation.
