Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
BID:104879
CVE-2018-5383 |Info
Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
| Bugtraq ID: | 104879 |
| Class: | Design Error |
| CVE: |
CVE-2018-5383 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 23 2018 12:00AM |
| Updated: | Jul 23 2018 12:00AM |
| Credit: | Lior Neumann and Eli Biham. |
| Vulnerable: |
Intel Wireless-AC 9560 0 Intel Wireless-AC 9462 0 Intel Wireless-AC 9461 0 Intel Wireless-AC 9260 0 Intel Tri-Band Wireless-AC 18265 0 Intel Tri-Band Wireless-AC 18260 0 Intel Tri-Band Wireless-AC 17265 0 Intel Dual Band Wireless-N 7265 0 Intel Dual Band Wireless-N 7260 0 Intel Dual Band Wireless-AC 9260 20.0.2.3 Intel Dual Band Wireless-AC 9260 20.0.2.2 Intel Dual Band Wireless-AC 9260 20.0.0.0 Intel Dual Band Wireless-AC 8265 Desktop Kit 0 Intel Dual Band Wireless-AC 8265 0 Intel Dual Band Wireless-AC 8260 20.0.2.3 Intel Dual Band Wireless-AC 8260 20.0.2.2 Intel Dual Band Wireless-AC 8260 20.0.0.0 Intel Dual Band Wireless-AC 8260 0 Intel Dual Band Wireless-AC 7265 19.10 Intel Dual Band Wireless-AC 7265 19.51.7.20 Intel Dual Band Wireless-AC 7265 19.51.7.1 Intel Dual Band Wireless-AC 7265 19.51.0.0 Intel Dual Band Wireless-AC 7265 19.10.9.2 Intel Dual Band Wireless-AC 7265 19.10.9.1 Intel Dual Band Wireless-AC 7265 0 Intel Dual Band Wireless-AC 7260 for Desktop 0 Intel Dual Band Wireless-AC 7260 18.33.9.3 Intel Dual Band Wireless-AC 7260 18.33.9.2 Intel Dual Band Wireless-AC 7260 18.0.0.0 Intel Dual Band Wireless-AC 7260 0 Intel Dual Band Wireless-AC 3168 19.10 Intel Dual Band Wireless-AC 3168 19.51.7.20 Intel Dual Band Wireless-AC 3168 19.51.7.1 Intel Dual Band Wireless-AC 3168 19.51.0.0 Intel Dual Band Wireless-AC 3168 19.10.9.2 Intel Dual Band Wireless-AC 3168 19.10.9.1 Intel Dual Band Wireless-AC 3168 0 Intel Dual Band Wireless-AC 3165 19.10 Intel Dual Band Wireless-AC 3165 19.51.7.20 Intel Dual Band Wireless-AC 3165 19.51.7.1 Intel Dual Band Wireless-AC 3165 19.51.0.0 Intel Dual Band Wireless-AC 3165 19.10.9.2 Intel Dual Band Wireless-AC 3165 19.10.9.1 Intel Dual Band Wireless-AC 3165 0 Intel Dual Band Wireless-AC 3160 18.33.9.3 Intel Dual Band Wireless-AC 3160 18.33.9.2 Intel Dual Band Wireless-AC 3160 18.0.0.0 Intel Dual Band Wireless-AC 3160 0 Bluetooth Erratum 10734 0 Bluetooth Erratum 10395 0 Apple macOS 10.13.6 Apple macOS 10.13.1 Apple macOS 10.13.5 Apple macOS 10.13.4 Apple macOS 10.13.3 Apple macOS 10.13.2 Apple macOS 10.13 Apple Macbook Pro 0 Apple MacBook 0 |
| Not Vulnerable: |
Intel Wireless-N 7265 20.60 Intel Wireless-N 7260 20.60 Intel Wireless-AC 9560 20.60 Intel Wireless-AC 9462 20.60 Intel Wireless-AC 9461 20.60 Intel Wireless-AC 9260 20.60 Intel Tri-Band Wireless-AC 18265 20.60 Intel Tri-Band Wireless-AC 18260 20.60 Intel Tri-Band Wireless-AC 17265 20.60 Intel Dual Band Wireless-N 7265 20.60 Intel Dual Band Wireless-N 7260 20.60 Intel Dual Band Wireless-AC 8265 20.60 Intel Dual Band Wireless-AC 8260 20.60 Intel Dual Band Wireless-AC 7265 20.60 Intel Dual Band Wireless-AC 7260 for Desktop 20.60 Intel Dual Band Wireless-AC 7260 20.60 Intel Dual Band Wireless-AC 3168 20.60 Intel Dual Band Wireless-AC 3165 20.60 Intel Dual Band Wireless-AC 3160 20.60 Apple macOS 10.13.6 Security Update 2018 Apple macOS 10.13.5 Security Update 2018 |
Discussion
Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
Multiple Bluetooth drivers are prone to a security-bypass vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and certain unauthorized actions, which will aid in further attacks.
Multiple Bluetooth drivers are prone to a security-bypass vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and certain unauthorized actions, which will aid in further attacks.
Exploit / POC
Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
References:
References:
- Bluetooth Home Page (Bluetooth)
- Bluetooth SIG Security Update (Bluetooth)
- About the security content of macOS High Sierra 10.13.5, Security Update 2018-00 (Apple)
- About the security content of macOS High Sierra 10.13.6, Security Update 2018-00 (Apple)
- APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High S (Apple)
- APPLE-SA-2018-7-23-2 Additional information for APPLE-SA-2018-06-01-1 macOS High (Apple)
- Bluetooth pairing vulnerability (Intel)
- Vulnerability Note VU#304725 Bluetooth implementations may not sufficiently vali (CERT)