CVE-2018-5383
6.8
Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.6 / Impact: 5.2
Source: NVD
Description
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
Affected (10)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.3 |
Related CWEs
CWE-325
Missing Cryptographic Step
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
References (24)
Source: cret@cert.org
Third Party AdvisoryVDB EntryBroken Link
Source: cret@cert.org
Third Party AdvisoryVDB EntryBroken Link
Source: cret@cert.org
Vendor AdvisoryBroken Link
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB EntryBroken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB EntryBroken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor AdvisoryBroken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.