CVE-2018-5383 - OpenCVE

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Iphone Os
Google	Android

Configuration 1 [-]

OR	cpe:2.3:o:google:android:6.0:::::::*
	cpe:2.3:o:google:android:6.0.1:::::::*
	cpe:2.3:o:google:android:7.0:::::::*
	cpe:2.3:o:google:android:7.1.1:::::::*
	cpe:2.3:o:google:android:7.1.2:::::::*
	cpe:2.3:o:google:android:8.0:::::::*
	cpe:2.3:o:google:android:8.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

References

Link	Resource
http://www.cs.technion.ac.il/~biham/BT/	Mitigation Third Party Advisory
http://www.securityfocus.com/bid/104879	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041432	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:2169
https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html
https://usn.ubuntu.com/4094-1/
https://usn.ubuntu.com/4095-1/
https://usn.ubuntu.com/4095-2/
https://usn.ubuntu.com/4118-1/
https://usn.ubuntu.com/4351-1/
https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update	Vendor Advisory
https://www.kb.cert.org/vuls/id/304725	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2018-07-03T00:00:00

Updated: 2020-05-11T01:06:04

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5383

JSON object: View

NVD Information

Status : Modified

Published: 2018-08-07T21:29:00.287

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-5383

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "10.13.6", "status": "affected", "version": "10.13 High Sierra", "versionType": "custom"}]}, {"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "11.4", "status": "affected", "version": "11", "versionType": "custom"}]}, {"product": "Android", "vendor": "Android Open Source Project", "versions": [{"lessThan": "2018-06-05 patch level", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Lior Neumann and Eli Biham of the Techion Israel Institute of Technology"}], "datePublic": "2018-07-03T00:00:00", "descriptions": [{"lang": "en", "value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-325", "description": "CWE-325", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-05-11T01:06:04", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.cs.technion.ac.il/~biham/BT/"}, {"name": "1041432", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041432"}, {"name": "VU#304725", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/304725"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"}, {"name": "104879", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104879"}, {"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"}, {"name": "RHSA-2019:2169", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2169"}, {"name": "USN-4094-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4094-1/"}, {"name": "USN-4095-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4095-2/"}, {"name": "USN-4095-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4095-1/"}, {"name": "USN-4118-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4118-1/"}, {"name": "USN-4351-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4351-1/"}], "source": {"discovery": "UNKNOWN"}, "title": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2018-07-03T04:00:00.000Z", "ID": "CVE-2018-5383", "STATE": "PUBLIC", "TITLE": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "10.13 High Sierra", "version_value": "10.13.6"}]}}, {"product_name": "iOS", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "11", "version_value": "11.4"}]}}]}, "vendor_name": "Apple"}, {"product": {"product_data": [{"product_name": "Android", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "2018-06-05 patch level"}]}}]}, "vendor_name": "Android Open Source Project"}]}}, "credit": [{"lang": "eng", "value": "Lior Neumann and Eli Biham of the Techion Israel Institute of Technology"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-325"}]}]}, "references": {"reference_data": [{"name": "http://www.cs.technion.ac.il/~biham/BT/", "refsource": "MISC", "url": "http://www.cs.technion.ac.il/~biham/BT/"}, {"name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432"}, {"name": "VU#304725", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/304725"}, {"name": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update", "refsource": "CONFIRM", "url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"}, {"name": "104879", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104879"}, {"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"}, {"name": "RHSA-2019:2169", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2169"}, {"name": "USN-4094-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4094-1/"}, {"name": "USN-4095-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4095-2/"}, {"name": "USN-4095-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4095-1/"}, {"name": "USN-4118-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4118-1/"}, {"name": "USN-4351-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4351-1/"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2018-5383", "datePublished": "2018-07-03T00:00:00", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2020-05-11T01:06:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "618A2297-91F6-4533-B345-1620635CDA93", "versionEndExcluding": "11.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "089EFF21-6A9B-40E4-9154-44174E26D5B5", "versionEndExcluding": "10.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."}, {"lang": "es", "value": "El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podr\u00edan no validar lo suficiente par\u00e1metros de curva el\u00edptica empleados para generar claves p\u00fablicas durante un intercambio de claves Diffie-Hellman, lo que podr\u00eda permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo."}], "id": "CVE-2018-5383", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "cret@cert.org", "type": "Secondary"}]}, "published": "2018-08-07T21:29:00.287", "references": [{"source": "cret@cert.org", "tags": ["Mitigation", "Third Party Advisory"], "url": "http://www.cs.technion.ac.il/~biham/BT/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104879"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041432"}, {"source": "cret@cert.org", "url": "https://access.redhat.com/errata/RHSA-2019:2169"}, {"source": "cret@cert.org", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"}, {"source": "cret@cert.org", "url": "https://usn.ubuntu.com/4094-1/"}, {"source": "cret@cert.org", "url": "https://usn.ubuntu.com/4095-1/"}, {"source": "cret@cert.org", "url": "https://usn.ubuntu.com/4095-2/"}, {"source": "cret@cert.org", "url": "https://usn.ubuntu.com/4118-1/"}, {"source": "cret@cert.org", "url": "https://usn.ubuntu.com/4351-1/"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/304725"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-325"}], "source": "cret@cert.org", "type": "Secondary"}]}