Vulnerability CVE-2018-19860

Vulnerability CVE-2018-19860

Published: 2019-06-07

Description:

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.8/10	6.4/10	6.5/10

Exploit range	Attack complexity	Authentication
Adjacent network	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Cypress -> Cyw20706ua1kffb1g firmware
Cypress -> Cyw20730a1kml2gt firmware
Cypress -> Cyw20733a3kml1gt firmware
Cypress -> Cyw20706ua1kffb1gt firmware
Cypress -> Cyw20730a1kmlg firmware
Cypress -> Cyw20734ua1kffb3g firmware
Cypress -> Cyw20706ua1kffb4g firmware
Cypress -> Cyw20730a1kmlgt firmware
Cypress -> Cyw20734ua1kffb3gt firmware
Cypress -> Cyw20702a1kwfbg firmware
Cypress -> Cyw20706ua2kffb4g firmware
Cypress -> Cyw20730a2kfbg firmware
Cypress -> Cyw20734ua2kffb3g firmware
Cypress -> Cyw20702a1kwfbgt firmware
Cypress -> Cyw20706ua2kffb4gt firmware
Cypress -> Cyw20730a2kfbgt firmware
Cypress -> Cyw20734ua2kffb3gt firmware
Cypress -> Cyw20702b0kwfbg firmware
Cypress -> Cyw20707a2kubgt firmware
Cypress -> Cyw20730a2kml2g firmware
Cypress -> Cyw43438kubgt firmware
Cypress -> Cyw20702b0kwfbgt firmware
Cypress -> Cyw20707ua1kffb1g firmware
Cypress -> Cyw20730a2kml2gt firmware
Cypress -> Cyw4343w1kubgt firmware
Cypress -> Cyw20703ua1kffb1g firmware
Cypress -> Cyw20707ua1kffb4g firmware
Cypress -> Cyw20733a1kfb1gt firmware
Cypress -> Cyw4343wkubgt firmware
Cypress -> Cyw20703ua1kffb1gt firmware
Cypress -> Cyw20707ua1kffb4gt firmware
Cypress -> Cyw20733a2kfb1g firmware
Cypress -> Cyw4343wkwbgt firmware
Cypress -> Cyw20704ua1kffb1g firmware
Cypress -> Cyw20707ua2kffb4g firmware
Cypress -> Cyw20733a2kfb1gt firmware
Cypress -> Cyw4354kkwbgt firmware
Cypress -> Cyw20704ua1kffb1gt firmware
Cypress -> Cyw20707ua2kffb4gt firmware
Cypress -> Cyw20733a2kml1g firmware
Cypress -> Cyw4354xkubgt firmware
Cypress -> Cyw20704ua2kffb1g firmware
Cypress -> Cyw20707va1pkwbgt firmware
Cypress -> Cyw20733a2kml1gt firmware
Cypress -> Cyw89071a1cubxgt firmware
Cypress -> Cyw20704ua2kffb1gt firmware
Cypress -> Cyw20707va2pkwbgt firmware
Cypress -> Cyw20733a3kfb1g firmware
Cypress -> Cyw89072brfb5g firmware
Cypress -> Cyw20705a1kwfbgt firmware
Cypress -> Cyw20730a1kfbg firmware
Cypress -> Cyw20733a3kfb1gt firmware
Cypress -> Cyw89072brfb5gt firmware
Cypress -> Cyw89335l2cubgt firmware
Cypress -> Cyw20705b0kwfbg firmware
Cypress -> Cyw20730a1kfbgt firmware
Cypress -> Cyw20733a3kfb2gt firmware
Cypress -> Cyw89335lcubgt firmware
Cypress -> Cyw20705b0kwfbgt firmware
Cypress -> Cyw20730a1kml2g firmware
Cypress -> Cyw20733a3kml1g firmware
Broadcom -> Bcm4335c0 firmware
Broadcom -> Bcm43438a1 firmware

References:

http://seclists.org/fulldisclosure/2019/Jul/22

https://source.android.com/security/bulletin/2019-05-01

https://support.apple.com/kb/HT210348

https://www.broadcom.com/support/resources/product-security-center

Vulnerability CVE-2018-19860

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

CWE-264

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:P/A:P)

5.8/10

6.4/10

6.5/10

Adjacent network

Low

No required

Partial

Partial

Partial

Affected software

References: