5.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.05 Low
EPSS
Percentile
92.9%
Texas Instruments CC2640 and CC2650 microcontrollers are vulnerable to a heap overflow and may allow unauthenticated firmware installation.
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffe****r
CVE-2018-16986 - also known as BLEEDINGBIT
The following Texas Instrument chips are affected:
CVE-2018-7080 - also known as BLEEDINGBIT
The following Texas Instruments devices are affected if the Over the Air firmware Download (OAD) feature is enabled and not sufficiently secured:
Using a specially crafted set of packets, an attacker can both control the data of the overflow, and the length of it, which may lead to remote code execution on the targeted BLE chip. An attacker needs to be within physical proximity to the device while it is in scanning mode to trigger vulnerable code. This memory corruption can lead to code execution on the main CPU of the device, which could have the potential to affect other devices across a network if the origin is a networked device. An attacker could also exploit this vulnerability to rewrite the operating system of a device and gain full control over it.
Given the nature of embedded devices, it is possible that a broader set of devices are impacted than what is listed in this publication. If you believe you are affected, please email us at [email protected].
Update the BLE-Stack
This vulnerability was patched in BLE-Stack v2.2.2 released by Texas Instruments on March 28, 2018. Affected devices will require a firmware update to obtain the updated BLE-Stack.
Do not use the OAD feature in production
The OAD featrure is never meant to be used in production, so manufacturers should ensure that this feature is not enabled by default in live environments.
317277
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: October 12, 2018 Updated: October 19, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: November 02, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 19, 2018 Updated: October 19, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 30, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 19, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 22, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 19, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 19, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 19, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 19, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 19, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: November 02, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 12, 2018 Updated: October 12, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 159 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 7.9 | AV:A/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 6.2 | E:POC/RL:OF/RC:C |
Environmental | 4.6 | CDP:N/TD:M/CR:ND/IR:ND/AR:ND |
We would like to thank Ben Seri at Armis for reporting this vulnerability.
This document was written by Madison Oliver.
CVE IDs: | CVE-2018-16986, CVE-2018-7080 |
---|---|
Date Public: | 2018-11-01 Date First Published: |
dev.ti.com/tirex/content/simplelink_cc2640r2_sdk_2_30_00_28/docs/blestack/ble_user_guide/html/ble3-stack-oad/index-ble3-cc2640.html
software-dl.ti.com/lprf/ble_stack/exports/release_notes_BLE_Stack_2_2_2.html
armis.com/bleedingbit/
cwe.mitre.org/data/definitions/119.html
www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt
5.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.05 Low
EPSS
Percentile
92.9%