Vulnerability Description
The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensynergy | Blue Sdk | >= 3.2, <= 5.5.3 |
Related Weaknesses (CWE)
References
- https://www.cymotive.com/wp-content/uploads/2019/03/Hell2CAP-0day.pdfExploitThird Party Advisory
- https://www.opensynergy.com/news/security/bluesdk-advisory2018003/Vendor Advisory
- https://www.cymotive.com/wp-content/uploads/2019/03/Hell2CAP-0day.pdfExploitThird Party Advisory
- https://www.opensynergy.com/news/security/bluesdk-advisory2018003/Vendor Advisory
FAQ
What is CVE-2018-20378?
CVE-2018-20378 is a vulnerability with a CVSS score of 7.5 (HIGH). The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of ...
How severe is CVE-2018-20378?
CVE-2018-20378 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-20378?
Check the references section above for vendor advisories and patch information. Affected products include: Opensynergy Blue Sdk.