Executive Summary
Summary | |
---|---|
Title | Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20181101-ap | First vendor Publication | 2018-11-01 |
Vendor | Cisco | Last vendor Modification | 2018-11-01 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.8 | Attack Range | Adjacent network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 6.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
On November 1st, 2018, Armis announced the presence of a Remote Code Execution (RCE) or Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) Stack on Texas Instruments (TI) chips CC2640 and CC2650. This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID of CVE-2018-16986. The vulnerability is due to a memory corruption condition that may occur when processing malformed BLE frames. An attacker in close proximity to an affected device that is actively scanning could exploit the issue by broadcasting malformed BLE frames. A successful exploit may result in the attacker gaining the ability to execute arbitrary code or cause a denial of service condition on an affected device. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJb2xllXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczIREP/2/Xt0jz+ViZtPkmmadXQGYDpFXu 5e4UY80bw6JyrVzC0TkovHyEMbMPtNTItknVHnWQ02kNcPATJdXqxUFRaIWGYox +IHkJBuTB9XQds6Yh4zRcGW+nbRRfDDp1SCdiroh8pWLMPXMw8Y+1/TkTvy9JVuTz sPnoxnc1rwub8CToTipb4gUcHON96bp+PG+gjSTfp4D1+SwBcg3hNiIhqfxMWN2K SnF0Euj1S/aSCfYUR/63Jvsw55n/ApkhHKtMOOJtqgzogfyZqDRJPKGGULZj7Swj fusVT+XATM6PBcMlh+6g8I2NgU/jHj+an1cjB7Ur5/Wfb4BgMx2o57t3pD1Fb9k0 sNDLUZi/jFG5fy97x6fzj+gWBqfQBSriwIgmL2uVhhEaQAjSKD/bK1KHhfdHVGq3 3zD1IKClAZngxAwjqOz0Hc9yT6syLbe0LGtE1GCDnKm2Zw5aeH83UQTxJ32s21sH VWKWqYNWbbVYKIFQaL7uKl09oc4+UtshuKmYv5s+p2Lq6TLjdW+4xNWzCBzhsV8x xQehajUZ8tDMcGSO6DDuAO5QVZqbCPwYHq8TPsd7pi7OIBfASsbKpmHHF50Z0KhB wT+3AdItPEocRKedCdwaGWrnS5Vi5oL7YXzM+6QB1VrQN235JMNXwuc11DikHbcL 6rDiKqh+8IeTMIeQ =KJ2L END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 3 |
Alert History
Date | Informations |
---|---|
2019-02-01 21:20:54 |
|
2018-11-06 21:22:01 |
|
2018-11-01 17:18:18 |
|