{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "10.13.6", "status": "affected", "version": "10.13 High Sierra", "versionType": "custom"}]}, {"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "11.4", "status": "affected", "version": "11", "versionType": "custom"}]}, {"product": "Android", "vendor": "Android Open Source Project", "versions": [{"lessThan": "2018-06-05 patch level", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Lior Neumann and Eli Biham of the Techion Israel Institute of Technology"}], "datePublic": "2018-07-03T00:00:00", "descriptions": [{"lang": "en", "value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-325", "description": "CWE-325", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-05-11T01:06:04", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.cs.technion.ac.il/~biham/BT/"}, {"name": "1041432", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041432"}, {"name": "VU#304725", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/304725"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"}, {"name": "104879", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104879"}, {"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"}, {"name": "RHSA-2019:2169", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2169"}, {"name": "USN-4094-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4094-1/"}, {"name": "USN-4095-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4095-2/"}, {"name": "USN-4095-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4095-1/"}, {"name": "USN-4118-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4118-1/"}, {"name": "USN-4351-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4351-1/"}], "source": {"discovery": "UNKNOWN"}, "title": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2018-07-03T04:00:00.000Z", "ID": "CVE-2018-5383", "STATE": "PUBLIC", "TITLE": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "10.13 High Sierra", "version_value": "10.13.6"}]}}, {"product_name": "iOS", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "11", "version_value": "11.4"}]}}]}, "vendor_name": "Apple"}, {"product": {"product_data": [{"product_name": "Android", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "2018-06-05 patch level"}]}}]}, "vendor_name": "Android Open Source Project"}]}}, "credit": [{"lang": "eng", "value": "Lior Neumann and Eli Biham of the Techion Israel Institute of Technology"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-325"}]}]}, "references": {"reference_data": [{"name": "http://www.cs.technion.ac.il/~biham/BT/", "refsource": "MISC", "url": "http://www.cs.technion.ac.il/~biham/BT/"}, {"name": "1041432", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041432"}, {"name": "VU#304725", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/304725"}, {"name": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update", "refsource": "CONFIRM", "url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"}, {"name": "104879", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104879"}, {"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"}, {"name": "RHSA-2019:2169", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2169"}, {"name": "USN-4094-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4094-1/"}, {"name": "USN-4095-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4095-2/"}, {"name": "USN-4095-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4095-1/"}, {"name": "USN-4118-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4118-1/"}, {"name": "USN-4351-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4351-1/"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:44.331Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cs.technion.ac.il/~biham/BT/"}, {"name": "1041432", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041432"}, {"name": "VU#304725", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/304725"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"}, {"name": "104879", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104879"}, {"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"}, {"name": "RHSA-2019:2169", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2169"}, {"name": "USN-4094-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4094-1/"}, {"name": "USN-4095-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4095-2/"}, {"name": "USN-4095-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4095-1/"}, {"name": "USN-4118-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4118-1/"}, {"name": "USN-4351-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4351-1/"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2018-5383", "datePublished": "2018-08-07T21:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-16T20:36:44.114Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "618A2297-91F6-4533-B345-1620635CDA93", "versionEndExcluding": "11.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "089EFF21-6A9B-40E4-9154-44174E26D5B5", "versionEndExcluding": "10.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."}, {"lang": "es", "value": "El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podr\u00edan no validar lo suficiente par\u00e1metros de curva el\u00edptica empleados para generar claves p\u00fablicas durante un intercambio de claves Diffie-Hellman, lo que podr\u00eda permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo."}], "id": "CVE-2018-5383", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "cret@cert.org", "type": "Secondary"}]}, "published": "2018-08-07T21:29:00.287", "references": [{"source": "cret@cert.org", "tags": ["Mitigation", "Third Party Advisory"], "url": "http://www.cs.technion.ac.il/~biham/BT/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104879"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041432"}, {"source": "cret@cert.org", "url": "https://access.redhat.com/errata/RHSA-2019:2169"}, {"source": "cret@cert.org", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"}, {"source": "cret@cert.org", "url": "https://usn.ubuntu.com/4094-1/"}, {"source": "cret@cert.org", "url": "https://usn.ubuntu.com/4095-1/"}, {"source": "cret@cert.org", "url": "https://usn.ubuntu.com/4095-2/"}, {"source": "cret@cert.org", "url": "https://usn.ubuntu.com/4118-1/"}, {"source": "cret@cert.org", "url": "https://usn.ubuntu.com/4351-1/"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/304725"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-325"}], "source": "cret@cert.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2019:2169", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "linux-firmware-0:20190429-72.gitddde598.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}], "bugzilla": {"description": "kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange", "id": "1614159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614159"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-325", "details": ["Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.", "A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service."], "name": "CVE-2018-5383", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise MRG 2"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "linux-firmware", "product_name": "Red Hat Virtualization 4"}], "public_date": "2018-07-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-5383\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5383\nhttps://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html\nhttps://www.kb.cert.org/vuls/id/304725"], "threat_severity": "Important"}