8.8

CVE-2018-19860

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BroadcomBcm4335c0 Firmware Version2012-12-11
   BroadcomBcm4335c0 Version-
BroadcomBcm43438a1 Firmware Version2014-06-02
   BroadcomBcm43438a1 Version-
CypressCyw20702a1kwfbg Firmware Version-
   CypressCyw20702a1kwfbg Version-
CypressCyw20702a1kwfbgt Firmware Version-
   CypressCyw20702a1kwfbgt Version-
CypressCyw20702b0kwfbg Firmware Version-
   CypressCyw20702b0kwfbg Version-
CypressCyw20702b0kwfbgt Firmware Version-
   CypressCyw20702b0kwfbgt Version-
CypressCyw20705a1kwfbgt Firmware Version-
   CypressCyw20705a1kwfbgt Version-
CypressCyw20705b0kwfbg Firmware Version-
   CypressCyw20705b0kwfbg Version-
CypressCyw20705b0kwfbgt Firmware Version-
   CypressCyw20705b0kwfbgt Version-
CypressCyw20707a2kubgt Firmware Version-
   CypressCyw20707a2kubgt Version-
CypressCyw20730a1kfbg Firmware Version-
   CypressCyw20730a1kfbg Version-
CypressCyw20730a1kfbgt Firmware Version-
   CypressCyw20730a1kfbgt Version-
CypressCyw20730a1kml2g Firmware Version-
   CypressCyw20730a1kml2g Version-
CypressCyw20730a1kml2gt Firmware Version-
   CypressCyw20730a1kml2gt Version-
CypressCyw20730a1kmlg Firmware Version-
   CypressCyw20730a1kmlg Version-
CypressCyw20730a1kmlgt Firmware Version-
   CypressCyw20730a1kmlgt Version-
CypressCyw20730a2kfbg Firmware Version-
   CypressCyw20730a2kfbg Version-
CypressCyw20730a2kfbgt Firmware Version-
   CypressCyw20730a2kfbgt Version-
CypressCyw20730a2kml2g Firmware Version-
   CypressCyw20730a2kml2g Version-
CypressCyw20730a2kml2gt Firmware Version-
   CypressCyw20730a2kml2gt Version-
CypressCyw20733a1kfb1gt Firmware Version-
   CypressCyw20733a1kfb1gt Version-
CypressCyw20733a2kfb1g Firmware Version-
   CypressCyw20733a2kfb1g Version-
CypressCyw20733a2kfb1gt Firmware Version-
   CypressCyw20733a2kfb1gt Version-
CypressCyw20733a2kml1g Firmware Version-
   CypressCyw20733a2kml1g Version-
CypressCyw20733a2kml1gt Firmware Version-
   CypressCyw20733a2kml1gt Version-
CypressCyw20733a3kfb1g Firmware Version-
   CypressCyw20733a3kfb1g Version-
CypressCyw20733a3kfb1gt Firmware Version-
   CypressCyw20733a3kfb1gt Version-
CypressCyw20733a3kfb2gt Firmware Version-
   CypressCyw20733a3kfb2gt Version-
CypressCyw20733a3kml1g Firmware Version-
   CypressCyw20733a3kml1g Version-
CypressCyw20733a3kml1gt Firmware Version-
   CypressCyw20733a3kml1gt Version-
CypressCyw43438kubgt Firmware Version-
   CypressCyw43438kubgt Version-
CypressCyw4343w1kubgt Firmware Version-
   CypressCyw4343w1kubgt Version-
CypressCyw4343wkubgt Firmware Version-
   CypressCyw4343wkubgt Version-
CypressCyw4343wkwbgt Firmware Version-
   CypressCyw4343wkwbgt Version-
CypressCyw4354kkwbgt Firmware Version-
   CypressCyw4354kkwbgt Version-
CypressCyw4354xkubgt Firmware Version-
   CypressCyw4354xkubgt Version-
CypressCyw89071a1cubxgt Firmware Version-
   CypressCyw89071a1cubxgt Version-
CypressCyw89072brfb5g Firmware Version-
   CypressCyw89072brfb5g Version-
CypressCyw89072brfb5gt Firmware Version-
   CypressCyw89072brfb5gt Version-
CypressCyw89335l2cubgt Firmware Version-
   CypressCyw89335l2cubgt Version-
CypressCyw89335lcubgt Firmware Version-
   CypressCyw89335lcubgt Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.61% 0.688
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5.8 6.5 6.4
AV:A/AC:L/Au:N/C:P/I:P/A:P
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.