CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
68.7%
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
Vendor | Product | Version | CPE |
---|---|---|---|
android | 6.0 | cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:* | |
android | 6.0.1 | cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:* | |
android | 7.0 | cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:* | |
android | 7.1.1 | cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:* | |
android | 7.1.2 | cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:* | |
android | 8.0 | cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:* | |
android | 8.1 | cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:* | |
apple | iphone_os | * | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
apple | mac_os_x | * | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
[
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.13.6",
"status": "affected",
"version": "10.13 High Sierra",
"versionType": "custom"
}
]
},
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.4",
"status": "affected",
"version": "11",
"versionType": "custom"
}
]
},
{
"product": "Android",
"vendor": "Android Open Source Project",
"versions": [
{
"lessThan": "2018-06-05 patch level",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]
www.cs.technion.ac.il/~biham/BT/
www.securityfocus.com/bid/104879
www.securitytracker.com/id/1041432
access.redhat.com/errata/RHSA-2019:2169
lists.debian.org/debian-lts-announce/2019/04/msg00005.html
usn.ubuntu.com/4094-1/
usn.ubuntu.com/4095-1/
usn.ubuntu.com/4095-2/
usn.ubuntu.com/4118-1/
usn.ubuntu.com/4351-1/
www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
www.kb.cert.org/vuls/id/304725
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
68.7%