What is CVE-2023-28588?

A high-severity transient denial-of-service (DoS) vulnerability in Qualcomm Bluetooth Host allows attackers to disrupt services. Organizations should prioritize patching to mitigate risks.

What is the severity of CVE-2023-28588?

CVE-2023-28588 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2023-28588 | High Vulnerability in Qualcomm Bluetooth Host

CVE-2023-28588 is a high-severity vulnerability affecting Qualcomm's Bluetooth Host, which allows for transient denial-of-service (DoS) during the RFC slot allocation process. This vulnerability has a CVSS score of 7.5, indicating a significant risk to systems utilizing the affected Qualcomm firmware versions.

Risk to organizations includes potential service disruptions that can impact user experience and operational efficiency. The availability impact is marked as high, underscoring the urgency for organizations to address this vulnerability.

Currently, there is no confirmed public exploit available for this vulnerability; however, security teams should remain vigilant as it is crucial to mitigate any potential risks. Organizations should prioritize patching immediately.

The vulnerability was published on December 5, 2023, and Qualcomm has provided a vendor advisory for remediation. Organizations using Qualcomm firmware are urged to evaluate their systems and apply the necessary patches.

Vulnerability Details

This vulnerability allows transient denial-of-service (DoS) in the Bluetooth Host while performing RFC slot allocation. It has been classified under CWE-190, which relates to numeric truncation errors that can lead to unexpected behavior.

The CVSS score of 7.5 indicates a high severity level, necessitating prompt action from affected organizations. The vulnerability impacts multiple Qualcomm firmware components, including apq8017, apq8064au, and several others.

Technical Analysis

The root cause of this vulnerability stems from improper handling of RFC slot allocations within the Bluetooth Host, leading to a significant availability impact. The attack vector is categorized as network-based, with low complexity and no privileges required for exploitation.

No user interaction is required, making this vulnerability particularly concerning. The confidentiality and integrity impacts are noted as none, but the high availability impact means attackers can effectively disrupt services.

Risk & Impact Analysis

The real-world deployment risk associated with CVE-2023-28588 is substantial. With the availability impact marked as high, organizations relying on affected Qualcomm firmware must assess their systems for potential vulnerabilities.

The urgency of addressing this vulnerability is critical, especially for organizations leveraging Bluetooth technology in their systems. Failure to patch could lead to significant service disruptions and loss of reputation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include various Qualcomm firmware components, notably: apq8017_firmware, apq8064au_firmware, and numerous others as detailed in the CVE data.

Mitigation & Remediation

Organizations should prioritize patching to the latest firmware versions provided by Qualcomm to remediate this vulnerability effectively. Configuration hardening and implementing network controls can also help mitigate the risks associated with this issue.

For organizations unable to apply patches immediately, it is recommended to implement monitoring solutions to detect any unusual activity related to Bluetooth services.

Continuous penetration testing can also validate the effectiveness of remediation measures.

Detection Guidance

Organizations should monitor logs for indicators of unusual Bluetooth activity that may indicate an attempt to exploit this vulnerability. Behavioral anomalies and network signatures related to Bluetooth communications should also be scrutinized.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2023-28588 lies in its reflection of the ongoing need for robust security measures in mobile and IoT devices utilizing Bluetooth technology. As device interconnectivity increases, the potential attack surface also expands.

Security teams must stay ahead of threats by implementing proactive measures and incorporating lessons learned from vulnerabilities such as this into their security strategies.

For further reading on vulnerability management and penetration testing, organizations may explore additional resources such as the vulnerability management program and penetration testing methodology guides.

Organizations should also consider integrating API security testing into their overall security assessments to ensure comprehensive coverage against evolving threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-28588: High Vulnerability in Qualcomm Bluetooth Host