Vulnerability Details CVE-2018-19860
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 5.8
References
- http://seclists.org/fulldisclosure/2019/Aug/11
- http://seclists.org/fulldisclosure/2019/Jul/22
- https://seclists.org/bugtraq/2019/Aug/21
- https://source.android.com/security/bulletin/2019-05-01
- https://support.apple.com/kb/HT210348
- https://www.broadcom.com/support/resources/product-security-center
- http://seclists.org/fulldisclosure/2019/Aug/11
- http://seclists.org/fulldisclosure/2019/Jul/22
- https://seclists.org/bugtraq/2019/Aug/21
- https://source.android.com/security/bulletin/2019-05-01
- https://support.apple.com/kb/HT210348
- https://www.broadcom.com/support/resources/product-security-center
Products affected by CVE-2018-19860
-
cpe:2.3:h:broadcom:bcm4335c0:-
-
cpe:2.3:h:broadcom:bcm43438a1:-
-
cpe:2.3:h:cypress:cyw20702a1kwfbg:-
-
cpe:2.3:h:cypress:cyw20702a1kwfbgt:-
-
cpe:2.3:h:cypress:cyw20702b0kwfbg:-
-
cpe:2.3:h:cypress:cyw20702b0kwfbgt:-
-
cpe:2.3:h:cypress:cyw20703ua1kffb1g:-
-
cpe:2.3:h:cypress:cyw20703ua1kffb1gt:-
-
cpe:2.3:h:cypress:cyw20704ua1kffb1g:-
-
cpe:2.3:h:cypress:cyw20704ua1kffb1gt:-
-
cpe:2.3:h:cypress:cyw20704ua2kffb1g:-
-
cpe:2.3:h:cypress:cyw20704ua2kffb1gt:-
-
cpe:2.3:h:cypress:cyw20705a1kwfbgt:-
-
cpe:2.3:h:cypress:cyw20705b0kwfbg:-
-
cpe:2.3:h:cypress:cyw20705b0kwfbgt:-
-
cpe:2.3:h:cypress:cyw20706ua1kffb1g:-
-
cpe:2.3:h:cypress:cyw20706ua1kffb1gt:-
-
cpe:2.3:h:cypress:cyw20706ua1kffb4g:-
-
cpe:2.3:h:cypress:cyw20706ua2kffb4g:-
-
cpe:2.3:h:cypress:cyw20706ua2kffb4gt:-
-
cpe:2.3:h:cypress:cyw20707a2kubgt:-
-
cpe:2.3:h:cypress:cyw20707ua1kffb1g:-
-
cpe:2.3:h:cypress:cyw20707ua1kffb4g:-
-
cpe:2.3:h:cypress:cyw20707ua1kffb4gt:-
-
cpe:2.3:h:cypress:cyw20707ua2kffb4g:-
-
cpe:2.3:h:cypress:cyw20707ua2kffb4gt:-
-
cpe:2.3:h:cypress:cyw20707va1pkwbgt:-
-
cpe:2.3:h:cypress:cyw20707va2pkwbgt:-
-
cpe:2.3:h:cypress:cyw20730a1kfbg:-
-
cpe:2.3:h:cypress:cyw20730a1kfbgt:-
-
cpe:2.3:h:cypress:cyw20730a1kml2g:-
-
cpe:2.3:h:cypress:cyw20730a1kml2gt:-
-
cpe:2.3:h:cypress:cyw20730a1kmlg:-
-
cpe:2.3:h:cypress:cyw20730a1kmlgt:-
-
cpe:2.3:h:cypress:cyw20730a2kfbg:-
-
cpe:2.3:h:cypress:cyw20730a2kfbgt:-
-
cpe:2.3:h:cypress:cyw20730a2kml2g:-
-
cpe:2.3:h:cypress:cyw20730a2kml2gt:-
-
cpe:2.3:h:cypress:cyw20733a1kfb1gt:-
-
cpe:2.3:h:cypress:cyw20733a2kfb1g:-
-
cpe:2.3:h:cypress:cyw20733a2kfb1gt:-
-
cpe:2.3:h:cypress:cyw20733a2kml1g:-
-
cpe:2.3:h:cypress:cyw20733a2kml1gt:-
-
cpe:2.3:h:cypress:cyw20733a3kfb1g:-
-
cpe:2.3:h:cypress:cyw20733a3kfb1gt:-
-
cpe:2.3:h:cypress:cyw20733a3kfb2gt:-
-
cpe:2.3:h:cypress:cyw20733a3kml1g:-
-
cpe:2.3:h:cypress:cyw20733a3kml1gt:-
-
cpe:2.3:h:cypress:cyw20734ua1kffb3g:-
-
cpe:2.3:h:cypress:cyw20734ua1kffb3gt:-
-
cpe:2.3:h:cypress:cyw20734ua2kffb3g:-
-
cpe:2.3:h:cypress:cyw20734ua2kffb3gt:-
-
cpe:2.3:h:cypress:cyw43438kubgt:-
-
cpe:2.3:h:cypress:cyw4343w1kubgt:-
-
cpe:2.3:h:cypress:cyw4343wkubgt:-
-
cpe:2.3:h:cypress:cyw4343wkwbgt:-
-
cpe:2.3:h:cypress:cyw4354kkwbgt:-
-
cpe:2.3:h:cypress:cyw4354xkubgt:-
-
cpe:2.3:h:cypress:cyw89071a1cubxgt:-
-
cpe:2.3:h:cypress:cyw89072brfb5g:-
-
cpe:2.3:h:cypress:cyw89072brfb5gt:-
-
cpe:2.3:h:cypress:cyw89335l2cubgt:-
-
cpe:2.3:h:cypress:cyw89335lcubgt:-
-
cpe:2.3:o:broadcom:bcm4335c0_firmware:2012-12-11
-
cpe:2.3:o:broadcom:bcm43438a1_firmware:2014-06-02
-
cpe:2.3:o:cypress:cyw20702a1kwfbg_firmware:-
-
cpe:2.3:o:cypress:cyw20702a1kwfbgt_firmware:-
-
cpe:2.3:o:cypress:cyw20702b0kwfbg_firmware:-
-
cpe:2.3:o:cypress:cyw20702b0kwfbgt_firmware:-
-
cpe:2.3:o:cypress:cyw20703ua1kffb1g_firmware:-
-
cpe:2.3:o:cypress:cyw20703ua1kffb1gt_firmware:-
-
cpe:2.3:o:cypress:cyw20704ua1kffb1g_firmware:-
-
cpe:2.3:o:cypress:cyw20704ua1kffb1gt_firmware:-
-
cpe:2.3:o:cypress:cyw20704ua2kffb1g_firmware:-
-
cpe:2.3:o:cypress:cyw20704ua2kffb1gt_firmware:-
-
cpe:2.3:o:cypress:cyw20705a1kwfbgt_firmware:-
-
cpe:2.3:o:cypress:cyw20705b0kwfbg_firmware:-
-
cpe:2.3:o:cypress:cyw20705b0kwfbgt_firmware:-
-
cpe:2.3:o:cypress:cyw20706ua1kffb1g_firmware:-
-
cpe:2.3:o:cypress:cyw20706ua1kffb1gt_firmware:-
-
cpe:2.3:o:cypress:cyw20706ua1kffb4g_firmware:-
-
cpe:2.3:o:cypress:cyw20706ua2kffb4g_firmware:-
-
cpe:2.3:o:cypress:cyw20706ua2kffb4gt_firmware:-
-
cpe:2.3:o:cypress:cyw20707a2kubgt_firmware:-
-
cpe:2.3:o:cypress:cyw20707ua1kffb1g_firmware:-
-
cpe:2.3:o:cypress:cyw20707ua1kffb4g_firmware:-
-
cpe:2.3:o:cypress:cyw20707ua1kffb4gt_firmware:-
-
cpe:2.3:o:cypress:cyw20707ua2kffb4g_firmware:-
-
cpe:2.3:o:cypress:cyw20707ua2kffb4gt_firmware:-
-
cpe:2.3:o:cypress:cyw20707va1pkwbgt_firmware:-
-
cpe:2.3:o:cypress:cyw20707va2pkwbgt_firmware:-
-
cpe:2.3:o:cypress:cyw20730a1kfbg_firmware:-
-
cpe:2.3:o:cypress:cyw20730a1kfbgt_firmware:-
-
cpe:2.3:o:cypress:cyw20730a1kml2g_firmware:-
-
cpe:2.3:o:cypress:cyw20730a1kml2gt_firmware:-
-
cpe:2.3:o:cypress:cyw20730a1kmlg_firmware:-
-
cpe:2.3:o:cypress:cyw20730a1kmlgt_firmware:-
-
cpe:2.3:o:cypress:cyw20730a2kfbg_firmware:-
-
cpe:2.3:o:cypress:cyw20730a2kfbgt_firmware:-
-
cpe:2.3:o:cypress:cyw20730a2kml2g_firmware:-
-
cpe:2.3:o:cypress:cyw20730a2kml2gt_firmware:-
-
cpe:2.3:o:cypress:cyw20733a1kfb1gt_firmware:-
-
cpe:2.3:o:cypress:cyw20733a2kfb1g_firmware:-
-
cpe:2.3:o:cypress:cyw20733a2kfb1gt_firmware:-
-
cpe:2.3:o:cypress:cyw20733a2kml1g_firmware:-
-
cpe:2.3:o:cypress:cyw20733a2kml1gt_firmware:-
-
cpe:2.3:o:cypress:cyw20733a3kfb1g_firmware:-
-
cpe:2.3:o:cypress:cyw20733a3kfb1gt_firmware:-
-
cpe:2.3:o:cypress:cyw20733a3kfb2gt_firmware:-
-
cpe:2.3:o:cypress:cyw20733a3kml1g_firmware:-
-
cpe:2.3:o:cypress:cyw20733a3kml1gt_firmware:-
-
cpe:2.3:o:cypress:cyw20734ua1kffb3g_firmware:-
-
cpe:2.3:o:cypress:cyw20734ua1kffb3gt_firmware:-
-
cpe:2.3:o:cypress:cyw20734ua2kffb3g_firmware:-
-
cpe:2.3:o:cypress:cyw20734ua2kffb3gt_firmware:-
-
cpe:2.3:o:cypress:cyw43438kubgt_firmware:-
-
cpe:2.3:o:cypress:cyw4343w1kubgt_firmware:-
-
cpe:2.3:o:cypress:cyw4343wkubgt_firmware:-
-
cpe:2.3:o:cypress:cyw4343wkwbgt_firmware:-
-
cpe:2.3:o:cypress:cyw4354kkwbgt_firmware:-
-
cpe:2.3:o:cypress:cyw4354xkubgt_firmware:-
-
cpe:2.3:o:cypress:cyw89071a1cubxgt_firmware:-
-
cpe:2.3:o:cypress:cyw89072brfb5g_firmware:-
-
cpe:2.3:o:cypress:cyw89072brfb5gt_firmware:-
-
cpe:2.3:o:cypress:cyw89335l2cubgt_firmware:-
-
cpe:2.3:o:cypress:cyw89335lcubgt_firmware:-