CVE-2022-31463
Published on June 2, 2022
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.
Known Exploited Vulnerability
This Owl Labs Meeting Owl Improper Authentication Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Owl Labs Meeting Owl contains an improper authentication vulnerability that does not require a password for Bluetooth commands, as only client-side authentication is used.
The following remediation steps are recommended / required by October 9, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2022-31463 has been classified to as an authentification vulnerability or weakness.
Products Associated with CVE-2022-31463
You can be notified by stack.watch whenever vulnerabilities like CVE-2022-31463 are published in these products:
What versions are vulnerable to CVE-2022-31463?
Each of the following must match for the vulnerability to exist.