CVE-2023-46447
Publication date 20 January 2024
Last updated 26 August 2025
Ubuntu priority
Description
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| python-asyncssh | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Ignored end of standard support |
Notes
mdeslaur
This CVE was mentioned in the terrapin-attack.com advisory as affecting AsyncSSH, but the CVE number was a typo. This CVE does not affect AsyncSSH.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Adjacent |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |