Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2018-5383
PUBLISHED
More InfoOfficial Page
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
View Known Exploited Vulnerability (KEV) details
Published At-07 Aug, 2018 | 21:00
Updated At-16 Sep, 2024 | 20:36
Rejected At-
▼CVE Numbering Authority (CNA)
Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Affected Products
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From 10.13 High Sierra before 10.13.6 (custom)
Vendor
Apple Inc.Apple
Product
iOS
Versions
Affected
  • From 11 before 11.4 (custom)
Vendor
AndroidAndroid Open Source Project
Product
Android
Versions
Affected
  • From unspecified before 2018-06-05 patch level (custom)
Problem Types
TypeCWE IDDescription
CWECWE-325CWE-325
Metrics
VersionBase scoreBase severityVector
3.08.0HIGH
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Lior Neumann and Eli Biham of the Techion Israel Institute of Technology
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.cs.technion.ac.il/~biham/BT/
x_refsource_MISC
http://www.securitytracker.com/id/1041432
vdb-entry
x_refsource_SECTRACK
https://www.kb.cert.org/vuls/id/304725
third-party-advisory
x_refsource_CERT-VN
https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104879
vdb-entry
x_refsource_BID
https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html
mailing-list
x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:2169
vendor-advisory
x_refsource_REDHAT
https://usn.ubuntu.com/4094-1/
vendor-advisory
x_refsource_UBUNTU
https://usn.ubuntu.com/4095-2/
vendor-advisory
x_refsource_UBUNTU
https://usn.ubuntu.com/4095-1/
vendor-advisory
x_refsource_UBUNTU
https://usn.ubuntu.com/4118-1/
vendor-advisory
x_refsource_UBUNTU
https://usn.ubuntu.com/4351-1/
vendor-advisory
x_refsource_UBUNTU
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.cs.technion.ac.il/~biham/BT/
x_refsource_MISC
x_transferred
http://www.securitytracker.com/id/1041432
vdb-entry
x_refsource_SECTRACK
x_transferred
https://www.kb.cert.org/vuls/id/304725
third-party-advisory
x_refsource_CERT-VN
x_transferred
https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/104879
vdb-entry
x_refsource_BID
x_transferred
https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html
mailing-list
x_refsource_MLIST
x_transferred
https://access.redhat.com/errata/RHSA-2019:2169
vendor-advisory
x_refsource_REDHAT
x_transferred
https://usn.ubuntu.com/4094-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://usn.ubuntu.com/4095-2/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://usn.ubuntu.com/4095-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://usn.ubuntu.com/4118-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://usn.ubuntu.com/4351-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
Details not found