CVE-2024-2105
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-10
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| harman | jbl_boombox_3 | * |
| harman | jbl_flip_6 | * |
| harman | jbl_boombox_2 | * |
| harman | jbl_pulse_5 | * |
| harman | jbl_xtreme_3 | * |
| harman | jbl_flip_5 | * |
| harman | jbl_pulse_4 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can cause affected JBL devices to crash or become unresponsive, halting music playback and disconnecting existing Bluetooth connections. Recovery requires a manual reboot by the user, as automatic reconnection is not possible. This leads to a denial of service and disruption of normal device usage. [1, 2]
Can you explain this vulnerability to me?
CVE-2024-2105 is a vulnerability in the Bluetooth Low Energy (BLE) controller of several JBL devices. It occurs due to improper validation of the channel map field in BLE connection requests. An unauthorized attacker within Bluetooth range can send a specially crafted invalid connection request packet that causes the affected device to crash or enter a deadlock state, resulting in a denial of service. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Since no remediation or software fix is available for this vulnerability, the immediate mitigation step is to manually reboot the affected device if it crashes or enters a deadlock state due to an attack. Users should be aware that automatic reconnection is not possible after exploitation, so manual intervention is required to restore functionality. Additionally, limiting Bluetooth exposure or disabling Bluetooth when not in use may reduce the risk of exploitation. [1, 2]