CVE-2018-5383
published 2018-08-07


Priority: P184 · medium · 6.8 (CVSS 3.1)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
ITW · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 0.80% (52.0th percentile)

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Affected

25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android_open_source_project | android | >= unspecified < 2018-06-05 patch level | 2018-06-05 patch level |
| apple | ios | | |
| apple | ios | | |
| apple | ios | >= 11 < 11.4 | 11.4 |
| apple | iphone_os | < 11.4 | 11.4 |
| apple | mac_os_x | < 10.13 | 10.13 |
| apple | macos | >= 10.13 High Sierra < 10.13.6 | 10.13.6 |
| apple | macos_high_sierra_10.13.5_security_update_2018-003_sierra_security_update_2018-0 | | |
| apple | macos_high_sierra_10.13.6_security_update_2018-004_sierra_security_update_2018-0 | | |
| apple | macos_mojave | | |
| apple | tvos | | |
| apple | tvos | | |
| apple | watchos | | |
| debian | firmware-nonfree | < firmware-nonfree 20190114-1 (bookworm) | firmware-nonfree 20190114-1 (bookworm) |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| linux | linux_kernel | >= 0 < 4.4.0-159.187 | 4.4.0-159.187 |
| linux | linux_kernel | >= 0 < 4.15.0-58.64 | 4.15.0-58.64 |
| ti | wl18xx_bluetooth_service_pack | < 4.3 | 4.3 |

Detection & IOCs (extracted from sources)

  • CVE-2018-5383 is exploitable by an attacker within physical proximity (within 30 meters) who can intercept and forge Bluetooth pairing messages during ECDH key exchange — monitor for unexpected or repeated Bluetooth pairing attempts between devices, especially without user interaction
  • The InternalBlue framework (https://github.com/seemoo-lab/internalblue) includes a demo/test for this ECDH pairing vulnerability and can be used to validate whether a Broadcom Bluetooth chipset is susceptible
  • Affected component is Bluetooth input validation during pairing; Apple patched this in macOS High Sierra 10.13.6 / macOS Mojave 10.14 and iOS 11.4 — unpatched Apple devices running macOS before 10.13 or iOS before 11.4 are vulnerable
  • Android devices without the 2018-06-05 security patch are vulnerable; check Android security patch level on managed devices for dates prior to 2018-06-05
  • Red Hat Enterprise MRG 2 linux-firmware package is listed as Affected; patch or mitigate Bluetooth on those hosts
  • Windows devices were not affected by CVE-2018-5383 at the time of disclosure because they were still using an older, less-secure version of the Bluetooth pairing protocol that did not implement the vulnerable ECDH exchange
  • The vulnerability requires the attacker to be within Bluetooth radio range (~30 metres standard, potentially extended with directional antenna); it is not remotely exploitable over the internet
  • Red Hat Enterprise Linux 8, 9, and Red Hat Virtualization 4 linux-firmware packages are NOT affected; only Red Hat Enterprise MRG 2 linux-firmware is listed as Affected

CVSS provenance

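| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v3.0 | 8.0 | HIGH | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:A/AC:M/Au:N/C:P/I:P/A:N |
| osv | | 6.8 | MEDIUM | |
| vulncheck | | 6.8 | MEDIUM | |
| vendor_debian | | 6.8 | MEDIUM | |
| vendor_redhat | | 6.8 | MEDIUM | |
| vendor_ubuntu | | 6.8 | MEDIUM | |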