8

CVE-2018-5383

Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version6.0
GoogleAndroid Version6.0.1
GoogleAndroid Version7.0
GoogleAndroid Version7.1.1
GoogleAndroid Version7.1.2
GoogleAndroid Version8.0
GoogleAndroid Version8.1
AppleiPhone OS Version < 11.4
ApplemacOS X Version < 10.13
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.8% 0.518
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 1.6 5.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 4.3 5.5 4.9
AV:A/AC:M/Au:N/C:P/I:P/A:N
cret@cert.org 8 1.6 5.8
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CWE-325 Missing Cryptographic Step

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

http://www.securitytracker.com/id/1041432
Third Party Advisory
Broken Link
VDB Entry
https://usn.ubuntu.com/4094-1/
Third Party Advisory
https://usn.ubuntu.com/4118-1/
Third Party Advisory
http://www.cs.technion.ac.il/~biham/BT/
Third Party Advisory
Mitigation
http://www.securityfocus.com/bid/104879
Third Party Advisory
Broken Link
VDB Entry
https://access.redhat.com/errata/RHSA-2019:2169
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html
Mailing List
https://usn.ubuntu.com/4095-1/
Third Party Advisory
https://usn.ubuntu.com/4095-2/
Third Party Advisory
https://usn.ubuntu.com/4351-1/
Third Party Advisory
https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
Vendor Advisory
Broken Link
https://www.kb.cert.org/vuls/id/304725
Third Party Advisory