There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share. This makes the Wifi connection to the attacker’s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quick Share or above
History

Tue, 24 Sep 2024 19:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published: 2024-06-26T15:19:13.955Z

Updated: 2024-08-02T04:04:25.103Z

Reserved: 2024-06-12T09:23:33.130Z

Link: CVE-2024-38271

cve-icon Vulnrichment

Updated: 2024-06-26T17:14:07.750Z

cve-icon NVD

Status : Modified

Published: 2024-06-26T16:15:11.560

Modified: 2024-11-21T09:25:12.390

Link: CVE-2024-38271

cve-icon Redhat

No data.