CVE-2022-31459

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.

Known Exploited Vulnerability

This Owl Labs Meeting Owl Inadequate Encryption Strength Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Owl Labs Meeting Owl contains an inadequate encryption strength vulnerability that allows an attacker to retrieve the passcode hash via a certain c 10 value over Bluetooth.

The following remediation steps are recommended / required by October 9, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Exploit Probability

EPSS

0.15%

Percentile

35.46%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2022-31459Published on June 2, 2022

Known Exploited Vulnerability

Vulnerability Analysis

Exploit Probability

CVE-2022-31459
Published on June 2, 2022