Executive Summary
Summary | |
---|---|
Title | Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange |
Informations | |||
---|---|---|---|
Name | VU#304725 | First vendor Publication | 2018-07-23 |
Vendor | VU-CERT | Last vendor Modification | 2018-08-17 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:M/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Adjacent network |
Cvss Impact Score | 4.9 | Attack Complexity | Medium |
Cvss Expoit Score | 5.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#304725Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchangeOverviewBluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThanks to Lior Neumann and Eli Biham of the Techion Israel Institute of Technology for reporting this vulnerability. This document was written by Garret Wassermann. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/304725 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-347 | Improper Verification of Cryptographic Signature |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-10-18 | Name : The remote host is missing a macOS update that fixes multiple security vulner... File : macos_10_14.nasl - Type : ACT_GATHER_INFO |
2018-09-18 | Name : The remote Apple TV device is affected by multiple vulnerabilities. File : appletv_12.nasl - Type : ACT_GATHER_INFO |
2018-07-17 | Name : The remote host is missing a macOS update that fixes multiple security vulner... File : macos_10_13_6.nasl - Type : ACT_GATHER_INFO |
2018-07-17 | Name : The remote host is missing a macOS or Mac OS X security update that fixes mul... File : macosx_SecUpd2018-004.nasl - Type : ACT_GATHER_INFO |
2018-06-05 | Name : The remote Apple TV device is affected by multiple vulnerabilities. File : appletv_11_4.nasl - Type : ACT_GATHER_INFO |
2018-06-05 | Name : The remote host is missing a macOS update that fixes multiple security vulner... File : macos_10_13_5.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2018-10-18 21:22:57 |
|
2018-08-18 00:18:48 |
|
2018-08-08 00:21:15 |
|
2018-07-30 21:18:39 |
|
2018-07-25 21:18:36 |
|
2018-07-24 05:17:08 |
|
2018-07-23 21:18:37 |
|
2018-07-23 17:18:19 |
|