1. Home
  2. CVE Database
  3. CVE-2018-19860
HIGH · 8.8

CVE-2018-19860

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain mem...

Vulnerability Description

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
BroadcomBcm4335C0 Firmware2012-12-11
BroadcomBcm4335C0-
BroadcomBcm43438A1 Firmware2014-06-02
BroadcomBcm43438A1-
CypressCyw20702A1Kwfbg Firmware-
CypressCyw20702A1Kwfbg-
CypressCyw20702A1Kwfbgt Firmware-
CypressCyw20702A1Kwfbgt-
CypressCyw20702B0Kwfbg Firmware-
CypressCyw20702B0Kwfbg-
CypressCyw20702B0Kwfbgt Firmware-
CypressCyw20702B0Kwfbgt-
CypressCyw20703Ua1Kffb1G Firmware-
CypressCyw20703Ua1Kffb1G-
CypressCyw20703Ua1Kffb1Gt Firmware-
CypressCyw20703Ua1Kffb1Gt-
CypressCyw20704Ua1Kffb1G Firmware-
CypressCyw20704Ua1Kffb1G-
CypressCyw20704Ua1Kffb1Gt Firmware-
CypressCyw20704Ua1Kffb1Gt-

Related Weaknesses (CWE)

CWE-732

References

FAQ

What is CVE-2018-19860?

CVE-2018-19860 is a vulnerability with a CVSS score of 8.8 (HIGH). Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain mem...

How severe is CVE-2018-19860?

CVE-2018-19860 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-19860?

Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Bcm4335C0 Firmware, Broadcom Bcm4335C0, Broadcom Bcm43438A1 Firmware, Broadcom Bcm43438A1, Cypress Cyw20702A1Kwfbg Firmware.