CVE-2018-5383

medium

Description

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

References

http://www.cs.technion.ac.il/~biham/BT/

http://www.securityfocus.com/bid/104879

http://www.securitytracker.com/id/1041432

https://access.redhat.com/errata/RHSA-2019:2169

https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html

https://usn.ubuntu.com/4094-1/

https://usn.ubuntu.com/4095-1/

https://usn.ubuntu.com/4095-2/

https://usn.ubuntu.com/4118-1/

https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update

https://www.kb.cert.org/vuls/id/304725

Details

Source: MITRE

Published: 2018-08-07

Updated: 2019-10-03

Type: CWE-347

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 5.5

Severity: MEDIUM

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 1.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 136400 | Ubuntu 16.04 LTS / 18.04 LTS : linux-firmware vulnerability (USN-4351-1) | Nessus | Ubuntu Local Security Checks | medium |
| 132451 | NewStart CGSL CORE 5.05 / MAIN 5.05 : linux-firmware Vulnerability (NS-SA-2019-0251) | Nessus | NewStart CGSL Local Security Checks | medium |
| 129919 | NewStart CGSL CORE 5.04 / MAIN 5.04 : linux-firmware Vulnerability (NS-SA-2019-0204) | Nessus | NewStart CGSL Local Security Checks | medium |
| 128478 | Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1) | Nessus | Ubuntu Local Security Checks | critical |
| 128369 | CentOS 7 : linux-firmware (CESA-2019:2169) | Nessus | CentOS Local Security Checks | medium |
| 128239 | Scientific Linux Security Update : linux-firmware on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | medium |
| 127890 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4095-1) | Nessus | Ubuntu Local Security Checks | high |
| 127889 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4094-1) | Nessus | Ubuntu Local Security Checks | high |
| 127690 | RHEL 7 : linux-firmware (RHSA-2019:2169) | Nessus | Red Hat Local Security Checks | medium |
| 700552 | Apple iOS < 12.0 Multiple Vulnerabilities (EFAIL, APPLE-SA-2018-9-24-4 and APPLE-SA-2018-10-30-8) | Nessus Network Monitor | Mobile Devices | medium |
| 700550 | Apple iOS < 11.4 Multiple Vulnerabilities (EFAIL) | Nessus Network Monitor | Mobile Devices | high |
| 700518 | macOS < 10.14 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
| 700517 | macOS 10.13.x < 10.13.6 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
| 700516 | macOS 10.13.x < 10.13.5 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
| 123567 | Debian DLA-1747-1 : firmware-nonfree security update | Nessus | Debian Local Security Checks | medium |
| 122579 | openSUSE Security Update : kernel-firmware (openSUSE-2019-275) | Nessus | SuSE Local Security Checks | medium |
| 118178 | macOS < 10.14 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 117632 | Apple iOS < 12.0 Multiple Vulnerabilities (EFAIL) | Nessus | Mobile Devices | critical |
| 117588 | Apple TV < 12 Multiple Vulnerabilities | Nessus | Misc. | medium |
| 111137 | macOS 10.13.x < 10.13.6 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 111136 | macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-004) | Nessus | MacOS X Local Security Checks | critical |
| 110398 | Apple iOS < 11.4 Multiple Vulnerabilities (EFAIL) | Nessus | Mobile Devices | high |
| 110325 | Apple TV < 11.4 Multiple Vulnerabilities | Nessus | Misc. | high |
| 110324 | macOS 10.13.x < 10.13.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |