Login Sign Up

CVE-2024-43770

8.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Android devices via Bluetooth Low Energy (BLE) without user interaction. It affects Android devices with vulnerable Bluetooth stacks, potentially compromising device integrity and data confidentiality.

💻 Affected Systems

Products:
  • Android devices with vulnerable Bluetooth stack implementation
Versions: Android versions prior to January 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Bluetooth to be enabled and within attacker proximity (typically within 10 meters).

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install malware, steal sensitive data, or maintain persistent access to the device.

🟠

Likely Case

Device crash or instability leading to denial of service, with potential for limited code execution in constrained environments.

🟢

If Mitigated

Minimal impact if Bluetooth is disabled or devices are not within attacker proximity, though risk remains for enabled devices.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires proximity to target device but no authentication or user interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: January 2025 Android Security Patch or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-01-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update. 2. Install January 2025 security patch or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable Bluetooth when not in use

Android

Turn off Bluetooth to prevent potential exploitation via this attack vector

adb shell settings put global bluetooth_on 0
Settings > Connected devices > Connection preferences > Bluetooth > Toggle off

🧯 If You Can't Patch

  • Disable Bluetooth completely in device settings
  • Implement network segmentation to isolate vulnerable devices from critical systems

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version > Security patch level

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 'January 1, 2025' or later date

📡 Detection & Monitoring

Log Indicators:

  • Unusual Bluetooth connection attempts
  • GATT service discovery anomalies
  • System crashes in Bluetooth stack processes

Network Indicators:

  • Suspicious BLE traffic patterns
  • Multiple connection attempts from unknown devices

SIEM Query:

source="android_logs" AND (process="bluetooth" OR process="com.android.bluetooth") AND (event="crash" OR event="exception")

📊 Metadata

CVE ID: CVE-2024-43770
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-94
EPSS Score: 0.04% exploit probability (10.3th percentile)
Published: January 21, 2025
Last Updated: April 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-43770, you might also want to check these:

CVE-2025-62521 10.0

CVE-2025-62521 is a critical pre-authentication remote code execution vulnerability in ChurchCRM tha...

Same vulnerability type (CWE-94)
CVE-2026-26216 10.0

Crawl4AI versions before 0.8.0 contain an unauthenticated remote code execution vulnerability in the...

Same vulnerability type (CWE-94)
CVE-2021-22205 10.0

CVE-2021-22205 is a critical remote code execution vulnerability in GitLab CE/EE where improper vali...

Same vulnerability type (CWE-94)