Vulnerability Details CVE-2018-16986
Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.05
EPSS Ranking 89.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 5.8
References
- http://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/742827
- http://www.securityfocus.com/bid/105812
- http://www.securitytracker.com/id/1042018
- https://armis.com/bleedingbit/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap
- https://www.kb.cert.org/vuls/id/317277
- http://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/742827
- http://www.securityfocus.com/bid/105812
- http://www.securitytracker.com/id/1042018
- https://armis.com/bleedingbit/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap
- https://www.kb.cert.org/vuls/id/317277
Products affected by CVE-2018-16986
-
cpe:2.3:h:ti:cc1350:-
-
cpe:2.3:h:ti:cc2640:-
-
cpe:2.3:h:ti:cc2640r2f:-
-
cpe:2.3:h:ti:cc2650:-
-
cpe:2.3:o:ti:ble-stack:2.2.1
-
cpe:2.3:o:ti:ble-stack:2.2.2
-
cpe:2.3:o:ti:ble-stack:2.3.3
-
cpe:2.3:o:ti:ble-stack:3.0.0