Missing Cryptographic Step
CVE-2018-5383
Summary
Bluetooth firmware or operating system software drivers in macOS versions before 10.13 High Sierra, iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
- HIGH
- ADJACENT_NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-325 - Missing Cryptographic Step
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
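The validation step the Summary and the CWE description refer to, shown as an added example that is not taken from this advisory or from any vendor patch: a receiver checks a peer's ECDH public key before using it. It assumes NIST P-256 (the curve used by Bluetooth LE Secure Connections) and a constructed 64-byte big-endian X||Y encoding; the function names are hypothetical.

```python
# Added example: validate a peer's ECDH public key before deriving a shared secret.
# Assumption: NIST P-256 domain parameters (FIPS 186-4); the advisory does not name a curve.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # field prime
A = P - 3                                  # curve coefficient a
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def validate_public_key(x, y):
    """Return (ok, reason) for an affine point (x, y) received from a peer."""
    if not (isinstance(x, int) and isinstance(y, int)):
        return False, "coordinates must be integers"
    # Both coordinates must be canonical field elements.
    if not (0 <= x < P and 0 <= y < P):
        return False, "coordinate out of field range"
    # The point must satisfy y^2 = x^3 + a*x + b (mod p). Checking x alone is
    # not enough: y has to be verified too.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return False, "point is not on the curve"
    # P-256 has cofactor 1, so an on-curve affine point is in the prime-order
    # group; the point at infinity has no affine encoding and cannot reach here.
    return True, "ok"


def decode_and_validate(raw):
    """Decode a constructed 64-byte big-endian X||Y key and validate it.

    Returns the (x, y) tuple on success and raises ValueError otherwise, so a
    caller cannot continue the key exchange with an unchecked point.
    """
    if len(raw) != 64:
        raise ValueError("public key must be exactly 64 bytes")
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    ok, reason = validate_public_key(x, y)
    if not ok:
        raise ValueError("rejected peer public key: " + reason)
    return x, y


if __name__ == "__main__":
    good = GX.to_bytes(32, "big") + GY.to_bytes(32, "big")   # constructed sample
    print(decode_and_validate(good) == (GX, GY))
```

Rejecting the key by raising, rather than returning a flag the caller may ignore, keeps the pairing code from proceeding to key derivation with an unvalidated point.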