CVE-2018-5383

Published: 07/08/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 4.9 | Exploitability Score: 5.5
CVSS v3 Base Score: 6.8 | Impact Score: 5.2 | Exploitability Score: 1.6
VMScore: 384
Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Bluetooth firmware or operating system software drivers in macOS versions prior to 10.13 High Sierra, iOS versions prior to 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote malicious user to obtain the encryption key used by the device.
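The missing check described above, as an added example (not code from any vendor or from this page): a receiver confirms that both coordinates of the peer's public key satisfy the curve equation before using the key. It assumes the NIST P-256 curve and a 64-byte X||Y little-endian key layout; the function names and sample keys are constructed for illustration.

```python
# Added example: validate a peer's ECDH public key before deriving a shared key.
# Curve: NIST P-256 published domain parameters (assumed curve). The cofactor
# is 1, so an in-range, on-curve affine point is a valid public key.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def on_curve(x: int, y: int) -> bool:
    """True only if 0 <= x, y < p and y^2 == x^3 + a*x + b (mod p)."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_and_validate(raw: bytes, byteorder: str = "little"):
    """Parse a 64-byte X||Y key (layout is an assumption) and validate it.

    Returns (x, y); raises ValueError so the caller can abort the exchange.
    """
    if len(raw) != 64:
        raise ValueError("public key must be 64 bytes")
    x = int.from_bytes(raw[:32], byteorder)
    y = int.from_bytes(raw[32:], byteorder)
    if not on_curve(x, y):
        raise ValueError("public key is not a point on P-256")
    return x, y


def encode(x: int, y: int, byteorder: str = "little") -> bytes:
    return x.to_bytes(32, byteorder) + y.to_bytes(32, byteorder)


def accepts(raw: bytes) -> bool:
    try:
        parse_and_validate(raw)
        return True
    except ValueError:
        return False


# Constructed samples: the curve's base point, and the same X with Y replaced.
GOOD_KEY = encode(GX, GY)
ALTERED_KEY = encode(GX, 0)  # X untouched, so a check of X alone would pass
```

A receiver that validates only one coordinate, or none, accepts `ALTERED_KEY`; the full check rejects it.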

Vulnerable Product

google android 8.0

google android 8.1

google android 6.0.1

google android 7.0

google android 7.1.1

google android 7.1.2

google android 6.0

apple iphone os

apple mac os x

Vendor Advisories

Synopsis: Important: linux-firmware security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
The system could be made to expose sensitive information ...
A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service ...
HP has been notified of a security vulnerability in the Bluetooth pairing process potentially allowing an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network allowing them to intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 1014 ...
Full Disclosure mailing list archives: APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-0 ...
Full Disclosure mailing list archives: APPLE-SA-2018-9-24-4 Additional information for APPLE-SA-2018-9-17-1 iOS 12 ...
Full Disclosure mailing list archives: APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-004 ...
Full Disclosure mailing list archives: APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12 ...
Full Disclosure mailing list archives: APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High Sierra 10135, Security Update 2018-0 ...

Github Repositories

Repository for various Broadcom Bluetooth firmware

Broadcom Bluetooth firmware for Linux kernel. Overview: This package is intended to provide firmware of Broadcom WIDCOMM® Bluetooth devices (including BCM20702, BCM20703, BCM43142 chipsets and others) for the Linux kernel. Since February 2017, Broadcom ships their drivers directly to the Windows Update service. They can be downloaded here. Security considerations: Recently several vul

Recent Articles

Big bad Bluetooth blunder bug battered – check for security fixes
The Register • Richard Chirgwin • 24 Jul 2018

Crypto cockup lets middle-people spy on connections after snooping on device pairing

With a bunch of security fixes released and more on the way, details have been made public of a Bluetooth bug that potentially allows miscreants to commandeer nearby devices. This Carnegie-Mellon CERT vulnerability advisory on Monday laid out the cryptographic flaw: firmware or operating system drivers skip a vital check during a Diffie-Hellman key exchange between devices. The impact: a nearby eavesdropper could “intercept and decrypt and/or forge and inject device messages” carried over Bl...