Vulnerability CVE-2018-19860


Published: 2019-06-07

Description:
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

Type:
CWE-264 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 5.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 6.5/10

Exploit range: Adjacent network
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Cypress -> Cyw20706ua1kffb1g firmware 
Cypress -> Cyw20730a1kml2gt firmware 
Cypress -> Cyw20733a3kml1gt firmware 
Cypress -> Cyw20706ua1kffb1gt firmware 
Cypress -> Cyw20730a1kmlg firmware 
Cypress -> Cyw20734ua1kffb3g firmware 
Cypress -> Cyw20706ua1kffb4g firmware 
Cypress -> Cyw20730a1kmlgt firmware 
Cypress -> Cyw20734ua1kffb3gt firmware 
Cypress -> Cyw20702a1kwfbg firmware 
Cypress -> Cyw20706ua2kffb4g firmware 
Cypress -> Cyw20730a2kfbg firmware 
Cypress -> Cyw20734ua2kffb3g firmware 
Cypress -> Cyw20702a1kwfbgt firmware 
Cypress -> Cyw20706ua2kffb4gt firmware 
Cypress -> Cyw20730a2kfbgt firmware 
Cypress -> Cyw20734ua2kffb3gt firmware 
Cypress -> Cyw20702b0kwfbg firmware 
Cypress -> Cyw20707a2kubgt firmware 
Cypress -> Cyw20730a2kml2g firmware 
Cypress -> Cyw43438kubgt firmware 
Cypress -> Cyw20702b0kwfbgt firmware 
Cypress -> Cyw20707ua1kffb1g firmware 
Cypress -> Cyw20730a2kml2gt firmware 
Cypress -> Cyw4343w1kubgt firmware 
Cypress -> Cyw20703ua1kffb1g firmware 
Cypress -> Cyw20707ua1kffb4g firmware 
Cypress -> Cyw20733a1kfb1gt firmware 
Cypress -> Cyw4343wkubgt firmware 
Cypress -> Cyw20703ua1kffb1gt firmware 
Cypress -> Cyw20707ua1kffb4gt firmware 
Cypress -> Cyw20733a2kfb1g firmware 
Cypress -> Cyw4343wkwbgt firmware 
Cypress -> Cyw20704ua1kffb1g firmware 
Cypress -> Cyw20707ua2kffb4g firmware 
Cypress -> Cyw20733a2kfb1gt firmware 
Cypress -> Cyw4354kkwbgt firmware 
Cypress -> Cyw20704ua1kffb1gt firmware 
Cypress -> Cyw20707ua2kffb4gt firmware 
Cypress -> Cyw20733a2kml1g firmware 
Cypress -> Cyw4354xkubgt firmware 
Cypress -> Cyw20704ua2kffb1g firmware 
Cypress -> Cyw20707va1pkwbgt firmware 
Cypress -> Cyw20733a2kml1gt firmware 
Cypress -> Cyw89071a1cubxgt firmware 
Cypress -> Cyw20704ua2kffb1gt firmware 
Cypress -> Cyw20707va2pkwbgt firmware 
Cypress -> Cyw20733a3kfb1g firmware 
Cypress -> Cyw89072brfb5g firmware 
Cypress -> Cyw20705a1kwfbgt firmware 
Cypress -> Cyw20730a1kfbg firmware 
Cypress -> Cyw20733a3kfb1gt firmware 
Cypress -> Cyw89072brfb5gt firmware 
Cypress -> Cyw20705b0kwfbg firmware 
Cypress -> Cyw20730a1kfbgt firmware 
Cypress -> Cyw20733a3kfb2gt firmware 
Cypress -> Cyw89335l2cubgt firmware 
Cypress -> Cyw20705b0kwfbgt firmware 
Cypress -> Cyw20730a1kml2g firmware 
Cypress -> Cyw20733a3kml1g firmware 
Cypress -> Cyw89335lcubgt firmware 
Broadcom -> Bcm4335c0 firmware 
Broadcom -> Bcm43438a1 firmware 

 References:
http://seclists.org/fulldisclosure/2019/Jul/22
https://source.android.com/security/bulletin/2019-05-01
https://support.apple.com/kb/HT210348
https://www.broadcom.com/support/resources/product-security-center

Copyright 2022, cxsecurity.com

 
