8

CVE-2018-5383

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version6.0
GoogleAndroid Version6.0.1
GoogleAndroid Version7.0
GoogleAndroid Version7.1.1
GoogleAndroid Version7.1.2
GoogleAndroid Version8.0
GoogleAndroid Version8.1
AppleiPhone OS Version < 11.4
ApplemacOS X Version < 10.13
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.81% 0.733
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 1.6 5.2
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 4.3 5.5 4.9
AV:A/AC:M/Au:N/C:P/I:P/A:N
cret@cert.org 8 1.6 5.8
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CWE-325 Missing Cryptographic Step

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

http://www.securitytracker.com/id/1041432
Third Party Advisory
VDB Entry
http://www.cs.technion.ac.il/~biham/BT/
Third Party Advisory
Mitigation
http://www.securityfocus.com/bid/104879
Third Party Advisory
VDB Entry
https://www.kb.cert.org/vuls/id/304725
Third Party Advisory
US Government Resource