CVE-2018-19860

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2018-19860
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://seclists.org/fulldisclosure/2019/Aug/11
http://seclists.org/fulldisclosure/2019/Jul/22
https://seclists.org/bugtraq/2019/Aug/21
https://source.android.com/security/bulletin/2019-05-01 Third Party Advisory
https://support.apple.com/kb/HT210348
https://www.broadcom.com/support/resources/product-security-center Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:broadcom:bcm4335c0_firmware:2012-12-11:*:*:*:*:*:*:*
cpe:2.3:h:broadcom:bcm4335c0:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:broadcom:bcm43438a1_firmware:2014-06-02:*:*:*:*:*:*:*
cpe:2.3:h:broadcom:bcm43438a1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cypress:cyw20702a1kwfbg_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20702a1kwfbg:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:cypress:cyw20702a1kwfbgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20702a1kwfbgt:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:cypress:cyw20702b0kwfbg_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20702b0kwfbg:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:cypress:cyw20702b0kwfbgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20702b0kwfbgt:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:cypress:cyw20703ua1kffb1g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20703ua1kffb1g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:cypress:cyw20703ua1kffb1gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20703ua1kffb1gt:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:cypress:cyw20704ua1kffb1g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20704ua1kffb1g:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:cypress:cyw20704ua1kffb1gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20704ua1kffb1gt:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:cypress:cyw20704ua2kffb1g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20704ua2kffb1g:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:cypress:cyw20704ua2kffb1gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20704ua2kffb1gt:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:cypress:cyw20705a1kwfbgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20705a1kwfbgt:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:cypress:cyw20705b0kwfbg_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20705b0kwfbg:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:cypress:cyw20705b0kwfbgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20705b0kwfbgt:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:cypress:cyw20706ua1kffb1g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20706ua1kffb1g:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:cypress:cyw20706ua1kffb1gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20706ua1kffb1gt:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:cypress:cyw20706ua1kffb4g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20706ua1kffb4g:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:cypress:cyw20706ua2kffb4g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20706ua2kffb4g:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:cypress:cyw20706ua2kffb4gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20706ua2kffb4gt:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:cypress:cyw20707a2kubgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20707a2kubgt:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:cypress:cyw20707ua1kffb1g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20707ua1kffb1g:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:cypress:cyw20707ua1kffb4g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20707ua1kffb4g:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:cypress:cyw20707ua1kffb4gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20707ua1kffb4gt:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:cypress:cyw20707ua2kffb4g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20707ua2kffb4g:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:cypress:cyw20707ua2kffb4gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20707ua2kffb4gt:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:cypress:cyw20707va1pkwbgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20707va1pkwbgt:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:cypress:cyw20707va2pkwbgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20707va2pkwbgt:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:cypress:cyw20730a1kfbg_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20730a1kfbg:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:cypress:cyw20730a1kfbgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20730a1kfbgt:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:cypress:cyw20730a1kml2g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20730a1kml2g:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:cypress:cyw20730a1kml2gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20730a1kml2gt:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:cypress:cyw20730a1kmlg_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20730a1kmlg:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:cypress:cyw20730a1kmlgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20730a1kmlgt:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:cypress:cyw20730a2kfbg_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20730a2kfbg:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:cypress:cyw20730a2kfbgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20730a2kfbgt:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:cypress:cyw20730a2kml2g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20730a2kml2g:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:cypress:cyw20730a2kml2gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20730a2kml2gt:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:cypress:cyw20733a1kfb1gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20733a1kfb1gt:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:cypress:cyw20733a2kfb1g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20733a2kfb1g:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND
cpe:2.3:o:cypress:cyw20733a2kfb1gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20733a2kfb1gt:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND
cpe:2.3:o:cypress:cyw20733a2kml1g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20733a2kml1g:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND
cpe:2.3:o:cypress:cyw20733a2kml1gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20733a2kml1gt:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND
cpe:2.3:o:cypress:cyw20733a3kfb1g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20733a3kfb1g:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND
cpe:2.3:o:cypress:cyw20733a3kfb1gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20733a3kfb1gt:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND
cpe:2.3:o:cypress:cyw20733a3kfb2gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20733a3kfb2gt:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND
cpe:2.3:o:cypress:cyw20733a3kml1g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20733a3kml1g:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND
cpe:2.3:o:cypress:cyw20733a3kml1gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20733a3kml1gt:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND
cpe:2.3:o:cypress:cyw20734ua1kffb3g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20734ua1kffb3g:-:*:*:*:*:*:*:*

Configuration 50 (hide)

AND
cpe:2.3:o:cypress:cyw20734ua1kffb3gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20734ua1kffb3gt:-:*:*:*:*:*:*:*

Configuration 51 (hide)

AND
cpe:2.3:o:cypress:cyw20734ua2kffb3g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20734ua2kffb3g:-:*:*:*:*:*:*:*

Configuration 52 (hide)

AND
cpe:2.3:o:cypress:cyw20734ua2kffb3gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw20734ua2kffb3gt:-:*:*:*:*:*:*:*

Configuration 53 (hide)

AND
cpe:2.3:o:cypress:cyw43438kubgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw43438kubgt:-:*:*:*:*:*:*:*

Configuration 54 (hide)

AND
cpe:2.3:o:cypress:cyw4343w1kubgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw4343w1kubgt:-:*:*:*:*:*:*:*

Configuration 55 (hide)

AND
cpe:2.3:o:cypress:cyw4343wkubgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw4343wkubgt:-:*:*:*:*:*:*:*

Configuration 56 (hide)

AND
cpe:2.3:o:cypress:cyw4343wkwbgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw4343wkwbgt:-:*:*:*:*:*:*:*

Configuration 57 (hide)

AND
cpe:2.3:o:cypress:cyw4354kkwbgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw4354kkwbgt:-:*:*:*:*:*:*:*

Configuration 58 (hide)

AND
cpe:2.3:o:cypress:cyw4354xkubgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw4354xkubgt:-:*:*:*:*:*:*:*

Configuration 59 (hide)

AND
cpe:2.3:o:cypress:cyw89071a1cubxgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw89071a1cubxgt:-:*:*:*:*:*:*:*

Configuration 60 (hide)

AND
cpe:2.3:o:cypress:cyw89072brfb5g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw89072brfb5g:-:*:*:*:*:*:*:*

Configuration 61 (hide)

AND
cpe:2.3:o:cypress:cyw89072brfb5gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw89072brfb5gt:-:*:*:*:*:*:*:*

Configuration 62 (hide)

AND
cpe:2.3:o:cypress:cyw89335l2cubgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw89335l2cubgt:-:*:*:*:*:*:*:*

Configuration 63 (hide)

AND
cpe:2.3:o:cypress:cyw89335lcubgt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cypress:cyw89335lcubgt:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2019-06-07 17:29

Updated : 2024-02-28 17:08

NVD link : CVE-2018-19860

Mitre link : CVE-2018-19860

CVE.ORG link : CVE-2018-19860

JSON object : View

Products Affected

cypress

  • cyw20707ua1kffb4gt
  • cyw20706ua2kffb4g
  • cyw20730a2kfbgt
  • cyw20733a2kfb1g_firmware
  • cyw89072brfb5gt
  • cyw20733a3kml1g_firmware
  • cyw20730a1kfbgt_firmware
  • cyw20730a2kml2g_firmware
  • cyw20730a2kml2gt_firmware
  • cyw20733a2kml1gt_firmware
  • cyw20707va1pkwbgt
  • cyw20733a3kml1gt_firmware
  • cyw20704ua2kffb1gt_firmware
  • cyw20733a3kfb1g_firmware
  • cyw20707ua2kffb4gt_firmware
  • cyw20733a3kfb1gt_firmware
  • cyw20734ua1kffb3gt_firmware
  • cyw4343wkwbgt
  • cyw20730a2kml2gt
  • cyw89072brfb5g_firmware
  • cyw20730a1kfbgt
  • cyw20705a1kwfbgt
  • cyw20707a2kubgt_firmware
  • cyw20705b0kwfbg
  • cyw20704ua1kffb1g_firmware
  • cyw20730a1kmlg_firmware
  • cyw20733a2kfb1g
  • cyw20734ua2kffb3g_firmware
  • cyw20734ua2kffb3gt_firmware
  • cyw20730a2kml2g
  • cyw20707ua1kffb4g
  • cyw20702b0kwfbg_firmware
  • cyw20705b0kwfbgt
  • cyw20706ua2kffb4gt
  • cyw20702a1kwfbgt
  • cyw20703ua1kffb1gt
  • cyw20707ua1kffb1g
  • cyw20707ua2kffb4g
  • cyw20730a1kmlg
  • cyw20730a2kfbg
  • cyw20734ua2kffb3gt
  • cyw43438kubgt
  • cyw4354xkubgt_firmware
  • cyw20704ua2kffb1gt
  • cyw20707ua2kffb4gt
  • cyw20702a1kwfbg
  • cyw4354xkubgt
  • cyw20733a2kfb1gt_firmware
  • cyw20707a2kubgt
  • cyw43438kubgt_firmware
  • cyw20702b0kwfbg
  • cyw4343w1kubgt_firmware
  • cyw20705b0kwfbg_firmware
  • cyw20707ua1kffb4gt_firmware
  • cyw20704ua1kffb1gt_firmware
  • cyw20730a2kfbgt_firmware
  • cyw20703ua1kffb1g
  • cyw20706ua1kffb1gt_firmware
  • cyw4343wkubgt
  • cyw4354kkwbgt_firmware
  • cyw20706ua1kffb1g
  • cyw20707va2pkwbgt_firmware
  • cyw89335lcubgt_firmware
  • cyw20730a1kfbg_firmware
  • cyw20706ua1kffb4g
  • cyw20704ua1kffb1g
  • cyw20706ua1kffb4g_firmware
  • cyw20707ua1kffb1g_firmware
  • cyw20734ua1kffb3gt
  • cyw20706ua1kffb1g_firmware
  • cyw20705b0kwfbgt_firmware
  • cyw20733a3kfb2gt
  • cyw4343w1kubgt
  • cyw20702a1kwfbgt_firmware
  • cyw20705a1kwfbgt_firmware
  • cyw20704ua1kffb1gt
  • cyw20730a2kfbg_firmware
  • cyw20733a3kfb1g
  • cyw89335l2cubgt_firmware
  • cyw89072brfb5gt_firmware
  • cyw20702b0kwfbgt_firmware
  • cyw20707va1pkwbgt_firmware
  • cyw20733a2kml1g
  • cyw20706ua2kffb4g_firmware
  • cyw89335l2cubgt
  • cyw20730a1kml2gt
  • cyw20730a1kmlgt
  • cyw20733a3kfb2gt_firmware
  • cyw89335lcubgt
  • cyw20707va2pkwbgt
  • cyw20733a3kml1gt
  • cyw20733a1kfb1gt_firmware
  • cyw20730a1kml2g
  • cyw20707ua1kffb4g_firmware
  • cyw4343wkubgt_firmware
  • cyw20733a2kfb1gt
  • cyw20702a1kwfbg_firmware
  • cyw20734ua1kffb3g
  • cyw20704ua2kffb1g_firmware
  • cyw20733a1kfb1gt
  • cyw20706ua1kffb1gt
  • cyw20734ua2kffb3g
  • cyw20730a1kmlgt_firmware
  • cyw20703ua1kffb1gt_firmware
  • cyw20703ua1kffb1g_firmware
  • cyw20730a1kfbg
  • cyw20702b0kwfbgt
  • cyw20733a2kml1gt
  • cyw20734ua1kffb3g_firmware
  • cyw4354kkwbgt
  • cyw89071a1cubxgt
  • cyw20730a1kml2g_firmware
  • cyw20733a2kml1g_firmware
  • cyw89072brfb5g
  • cyw20733a3kfb1gt
  • cyw20704ua2kffb1g
  • cyw4343wkwbgt_firmware
  • cyw89071a1cubxgt_firmware
  • cyw20730a1kml2gt_firmware
  • cyw20733a3kml1g
  • cyw20707ua2kffb4g_firmware
  • cyw20706ua2kffb4gt_firmware

broadcom

  • bcm43438a1
  • bcm43438a1_firmware
  • bcm4335c0
  • bcm4335c0_firmware
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource