CVE-2018-5383 — MEDIUM (6.8)

Q: How severe is CVE-2018-5383?

CVE-2018-5383 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-5383?

Check the references section above for vendor advisories and patch information. Affected products include: Ti Wl18Xx Bluetooth Service Pack, Google Android, Apple Iphone Os, Apple Mac Os X.

Vulnerability Description

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Ti	Wl18Xx Bluetooth Service Pack	< 4.3
Google	Android	6.0
Apple	Iphone Os	< 11.4
Apple	Mac Os X	< 10.13

Related Weaknesses (CWE)

CWE-347 CWE-325

References

http://www.cs.technion.ac.il/~biham/BT/MitigationThird Party Advisory
http://www.securityfocus.com/bid/104879Third Party AdvisoryVDB EntryBroken Link
http://www.securitytracker.com/id/1041432Third Party AdvisoryVDB EntryBroken Link
https://access.redhat.com/errata/RHSA-2019:2169Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/04/msg00005.htmlMailing List
https://usn.ubuntu.com/4094-1/Third Party Advisory
https://usn.ubuntu.com/4095-1/Third Party Advisory
https://usn.ubuntu.com/4095-2/Third Party Advisory
https://usn.ubuntu.com/4118-1/Third Party Advisory
https://usn.ubuntu.com/4351-1/Third Party Advisory
https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-updateVendor AdvisoryBroken Link
https://www.kb.cert.org/vuls/id/304725Third Party Advisory
http://www.cs.technion.ac.il/~biham/BT/MitigationThird Party Advisory
http://www.securityfocus.com/bid/104879Third Party AdvisoryVDB EntryBroken Link
http://www.securitytracker.com/id/1041432Third Party AdvisoryVDB EntryBroken Link

FAQ

What is CVE-2018-5383?

CVE-2018-5383 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently ...

How severe is CVE-2018-5383?

CVE-2018-5383 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-5383?

Check the references section above for vendor advisories and patch information. Affected products include: Ti Wl18Xx Bluetooth Service Pack, Google Android, Apple Iphone Os, Apple Mac Os X.