CVSS3: 6.8 Medium
Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS2: 4.3 Medium
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.003 Low
Percentile: 64.2%
Recently, a security researcher found a high-risk cryptographic vulnerability, CVE-2018-5383, in certain Bluetooth devices. It allows an unauthenticated attacker in physical proximity to the target device to intercept, monitor or tamper with the device's network traffic.
The vulnerability, numbered CVE-2018-5383, affects device firmware and operating system software drivers produced by Apple, Broadcom, Intel, Qualcomm and other large manufacturers. Whether the vulnerability affects Android and Linux devices is currently still unknown.
The vulnerability primarily affects two Bluetooth features: the first is the operating system software implementation of secure pairing for Bluetooth Low Energy (LE), and the second is the device firmware implementation of Secure Simple Pairing for BR/EDR.
How is the Bluetooth attack carried out?
According to information disclosed by the Bluetooth Special Interest Group (SIG), the attacker's device must be within signal range of two vulnerable devices, and the attack must take place while the devices are pairing. The attacking device first needs to intercept the public key exchange between the two parties and then inject malicious packets. Note that if either of the communicating devices is not vulnerable, the attack will not succeed.
Researchers from the Israel Institute of Technology say that although the Bluetooth specification recommends it, the standard does not require devices supporting these two features to validate the public encryption key received during pairing. Because this check is not mandatory, many manufacturers' Bluetooth products support both features but do not fully validate the elliptic curve parameters used to generate public keys during the Diffie-Hellman key exchange.
In this case, an attacker can mount a man-in-the-middle attack while the target devices are pairing and obtain the encryption key the devices use. The attacker can then steal or tamper with the encrypted data exchanged between the devices, and even infect the target devices involved in the communication with malware.
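The missing check described above, as an added example that is not code from the article or from any vendor: before a received public key is used in the Diffie-Hellman exchange, the receiver confirms that the point satisfies the curve equation and aborts pairing otherwise. The example assumes the NIST P-256 curve and a 64-byte X||Y encoding; the function names and the byte order parameter are hypothetical.

```python
# Added example: validate a peer's ECDH public key before use.
# Assumption: NIST P-256 (secp256r1) domain parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point G, used below only to build sample inputs.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_on_curve(x: int, y: int) -> bool:
    """True if (x, y) is a valid affine point on P-256."""
    # Coordinates must be reduced field elements.
    if not (0 <= x < P and 0 <= y < P):
        return False
    # Curve equation: y^2 = x^3 + a*x + b (mod p).
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_peer_public_key(raw: bytes, byteorder: str = "big"):
    """Decode X||Y (32 bytes each) and reject anything off the curve.

    P-256 has cofactor 1, so for an affine point the range check plus
    the curve equation is a complete public key validation.
    """
    if len(raw) != 64:
        raise ValueError("public key must be 64 bytes (X||Y)")
    x = int.from_bytes(raw[:32], byteorder)
    y = int.from_bytes(raw[32:], byteorder)
    if not is_on_curve(x, y):
        raise ValueError("peer public key is not on P-256; abort pairing")
    return x, y


def encode_point(x: int, y: int, byteorder: str = "big") -> bytes:
    """Helper to build constructed sample keys."""
    return x.to_bytes(32, byteorder) + y.to_bytes(32, byteorder)


if __name__ == "__main__":
    # Constructed samples: a valid point and the same point with y altered.
    for name, key in [("valid", encode_point(GX, GY)),
                      ("altered y", encode_point(GX, GY + 1))]:
        try:
            parse_peer_public_key(key)
            print(name, "-> accepted")
        except ValueError as err:
            print(name, "-> rejected:", err)
```

An implementation that validates only one coordinate, or none, accepts the altered key; checking the full curve equation on both coordinates rejects it.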
Devices from Apple, Qualcomm, Intel and other manufacturers are affected
Currently, Apple, Qualcomm, Intel and other manufacturers have found the vulnerability in the Bluetooth chips of their respective devices, but Google, Android and Linux have not yet confirmed whether the vulnerability affects their products. Thankfully, Microsoft products are not affected by the vulnerability.
According to Intel's description, the vulnerability affects its dual-band wireless-AC, tri-band wireless-AC and other wireless-AC series products. Intel has also said that it has pushed software and hardware patches to fix the problem.
Besides Intel, Apple has also pushed a patch for the vulnerability to customers. The updated versions are macOS High Sierra 10.13.5, iOS 11.4, watchOS 4.3.1 and tvOS 11.4.
According to an announcement released by Broadcom, certain of the company's products that support Bluetooth 2.1 and newer technology are likely to be affected by the vulnerability, but the company has developed a security patch and has pushed it to OEM customers.