CVE-2018-5383

MEDIUMMonitor

Published:Aug 7, 2018(7 years ago)

Modified:Mar 5, 2026

Adjacent NetworkNo Auth RequiredNo Interaction

Vulnerability Description

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Attack Characteristics

ADJACENT_NETWORKHigh ComplexityNo Auth NeededNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
ti	wl18xx_bluetooth_service_pack	4.3	-
google	android	-	-
google	android	-

Timeline

Published
CVE disclosed publicly
Aug 7, 20187 years ago
Last Modified
Most recent update
Mar 5, 20262 months ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

http://www.cs.technion.ac.il/~biham/BT/Mitigation
http://www.securityfocus.com/bid/104879Third Party Advisory
http://www.securitytracker.com/id/1041432Third Party Advisory

CVSS Score

v3.1

6.8/ 10.0

MEDIUM

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

At a Glance

Affected Products

References

ti / wl18xx_bluetooth_service_pack

https://access.redhat.com/errata/RHSA-2019:2169Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/04/msg00005.htmlMailing List

https://usn.ubuntu.com/4094-1/Third Party Advisory

https://usn.ubuntu.com/4095-1/Third Party Advisory

https://usn.ubuntu.com/4095-2/Third Party Advisory

https://usn.ubuntu.com/4118-1/Third Party Advisory

https://usn.ubuntu.com/4351-1/Third Party Advisory

https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-...Vendor Advisory

https://www.kb.cert.org/vuls/id/304725Third Party Advisory

http://www.cs.technion.ac.il/~biham/BT/Mitigation

http://www.securityfocus.com/bid/104879Third Party Advisory

http://www.securitytracker.com/id/1041432Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2169Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/04/msg00005.htmlMailing List

https://usn.ubuntu.com/4094-1/Third Party Advisory

https://usn.ubuntu.com/4095-1/Third Party Advisory

https://usn.ubuntu.com/4095-2/Third Party Advisory

https://usn.ubuntu.com/4118-1/Third Party Advisory

https://usn.ubuntu.com/4351-1/Third Party Advisory

https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-...Vendor Advisory

https://www.kb.cert.org/vuls/id/304725Third Party Advisory

CVSS v3 Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability

Attack VectorAdjacent

Attack ComplexityHigh

Privileges RequiredNone

User InteractionNone

Impact

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityNone

Impact Analysis

ConfidentialityHigh

NoneLowHigh

IntegrityHigh

NoneLowHigh

AvailabilityNone

NoneLowHigh

CVE-2018-5383

✦ Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description