8.8
HIGH
CVE-2018-19860
Broadcom Wireless BCM4335/43438 Nowhere-to-Hide AmitMai
Description

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

INFO

Published Date :

June 7, 2019, 5:29 p.m.

Last Modified :

Aug. 24, 2020, 5:37 p.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

2.8
Public PoC/Exploit Available at Github

CVE-2018-19860 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2018-19860 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Cypress cyw20702a1kwfbg_firmware
2 Cypress cyw20702a1kwfbgt_firmware
3 Cypress cyw20702b0kwfbg_firmware
4 Cypress cyw20702b0kwfbgt_firmware
5 Cypress cyw20703ua1kffb1g_firmware
6 Cypress cyw20703ua1kffb1gt_firmware
7 Cypress cyw20704ua1kffb1g_firmware
8 Cypress cyw20704ua1kffb1gt_firmware
9 Cypress cyw20704ua2kffb1g_firmware
10 Cypress cyw20704ua2kffb1gt_firmware
11 Cypress cyw20705a1kwfbgt_firmware
12 Cypress cyw20705b0kwfbg_firmware
13 Cypress cyw20705b0kwfbgt_firmware
14 Cypress cyw20706ua1kffb1g_firmware
15 Cypress cyw20706ua1kffb1gt_firmware
16 Cypress cyw20706ua1kffb4g_firmware
17 Cypress cyw20706ua2kffb4g_firmware
18 Cypress cyw20706ua2kffb4gt_firmware
19 Cypress cyw20707a2kubgt_firmware
20 Cypress cyw20707ua1kffb1g_firmware
21 Cypress cyw20707ua1kffb4g_firmware
22 Cypress cyw20707ua1kffb4gt_firmware
23 Cypress cyw20707ua2kffb4g_firmware
24 Cypress cyw20707ua2kffb4gt_firmware
25 Cypress cyw20707va1pkwbgt_firmware
26 Cypress cyw20707va2pkwbgt_firmware
27 Cypress cyw20730a1kfbg_firmware
28 Cypress cyw20730a1kfbgt_firmware
29 Cypress cyw20730a1kml2g_firmware
30 Cypress cyw20730a1kml2gt_firmware
31 Cypress cyw20730a1kmlg_firmware
32 Cypress cyw20730a1kmlgt_firmware
33 Cypress cyw20730a2kfbg_firmware
34 Cypress cyw20730a2kfbgt_firmware
35 Cypress cyw20730a2kml2g_firmware
36 Cypress cyw20730a2kml2gt_firmware
37 Cypress cyw20733a1kfb1gt_firmware
38 Cypress cyw20733a2kfb1g_firmware
39 Cypress cyw20733a2kfb1gt_firmware
40 Cypress cyw20733a2kml1g_firmware
41 Cypress cyw20733a2kml1gt_firmware
42 Cypress cyw20733a3kfb1g_firmware
43 Cypress cyw20733a3kfb1gt_firmware
44 Cypress cyw20733a3kfb2gt_firmware
45 Cypress cyw20733a3kml1g_firmware
46 Cypress cyw20733a3kml1gt_firmware
47 Cypress cyw20734ua1kffb3g_firmware
48 Cypress cyw20734ua1kffb3gt_firmware
49 Cypress cyw20734ua2kffb3g_firmware
50 Cypress cyw20734ua2kffb3gt_firmware
51 Cypress cyw43438kubgt_firmware
52 Cypress cyw4343w1kubgt_firmware
53 Cypress cyw4343wkubgt_firmware
54 Cypress cyw4343wkwbgt_firmware
55 Cypress cyw4354kkwbgt_firmware
56 Cypress cyw4354xkubgt_firmware
57 Cypress cyw89071a1cubxgt_firmware
58 Cypress cyw89072brfb5g_firmware
59 Cypress cyw89072brfb5gt_firmware
60 Cypress cyw89335l2cubgt_firmware
61 Cypress cyw89335lcubgt_firmware
1 Broadcom bcm4335c0_firmware
2 Broadcom bcm43438a1_firmware
References to Advisories, Solutions, and Tools

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research, penetration testing and bluetooth hacking. We also collected and classified Bluetooth vulnerabilities in an "Awesome Bluetooth Security" way

bluetooth bluetooth-classic bluetooth-security exploit security security-tools bluetooth-toolkit awesome awesome-list bluetooth-hacking information-security penetration-testing pentesting wireless-security

Shell Ruby

Updated: 2 months ago
300 stars 26 fork 26 watcher
Born at : May 13, 2024, 4:19 p.m. This repo has been linked 42 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2018-19860 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2018-19860 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CWE Remap by [email protected]

    Aug. 24, 2020

    Action Type Old Value New Value
    Changed CWE CWE-264 CWE-732
  • CVE Modified by [email protected]

    Aug. 16, 2019

    Action Type Old Value New Value
    Added Reference http://seclists.org/fulldisclosure/2019/Aug/11 [No Types Assigned]
  • CVE Modified by [email protected]

    Aug. 14, 2019

    Action Type Old Value New Value
    Added Reference https://seclists.org/bugtraq/2019/Aug/21 [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 23, 2019

    Action Type Old Value New Value
    Added Reference http://seclists.org/fulldisclosure/2019/Jul/22 [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 22, 2019

    Action Type Old Value New Value
    Added Reference https://support.apple.com/kb/HT210348 [No Types Assigned]
  • Initial Analysis by [email protected]

    Jun. 11, 2019

    Action Type Old Value New Value
    Added CVSS V2 (AV:A/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://source.android.com/security/bulletin/2019-05-01 No Types Assigned https://source.android.com/security/bulletin/2019-05-01 Third Party Advisory
    Changed Reference Type https://www.broadcom.com/support/resources/product-security-center No Types Assigned https://www.broadcom.com/support/resources/product-security-center Vendor Advisory
    Added CWE CWE-264
    Added CPE Configuration AND OR *cpe:2.3:o:broadcom:bcm4335c0_firmware:2012-12-11:*:*:*:*:*:*:* OR cpe:2.3:h:broadcom:bcm4335c0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:broadcom:bcm43438a1_firmware:2014-06-02:*:*:*:*:*:*:* OR cpe:2.3:h:broadcom:bcm43438a1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20702a1kwfbg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20702a1kwfbg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20702a1kwfbgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20702a1kwfbgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20702b0kwfbg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20702b0kwfbg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20702b0kwfbgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20702b0kwfbgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20703ua1kffb1g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20703ua1kffb1g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20703ua1kffb1gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20703ua1kffb1gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20704ua1kffb1g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20704ua1kffb1g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20704ua1kffb1gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20704ua1kffb1gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20704ua2kffb1g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20704ua2kffb1g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20704ua2kffb1gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20704ua2kffb1gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20705a1kwfbgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20705a1kwfbgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20705b0kwfbg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20705b0kwfbg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20705b0kwfbgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20705b0kwfbgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20706ua1kffb1g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20706ua1kffb1g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20706ua1kffb1gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20706ua1kffb1gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20706ua1kffb4g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20706ua1kffb4g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20706ua2kffb4g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20706ua2kffb4g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20706ua2kffb4gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20706ua2kffb4gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20707a2kubgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20707a2kubgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20707ua1kffb1g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20707ua1kffb1g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20707ua1kffb4g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20707ua1kffb4g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20707ua1kffb4gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20707ua1kffb4gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20707ua2kffb4g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20707ua2kffb4g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20707ua2kffb4gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20707ua2kffb4gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20707va1pkwbgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20707va1pkwbgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20707va2pkwbgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20707va2pkwbgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20730a1kfbg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20730a1kfbg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20730a1kfbgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20730a1kfbgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20730a1kml2g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20730a1kml2g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20730a1kml2gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20730a1kml2gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20730a1kmlg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20730a1kmlg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20730a1kmlgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20730a1kmlgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20730a2kfbg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20730a2kfbg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20730a2kfbgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20730a2kfbgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20730a2kml2g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20730a2kml2g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20730a2kml2gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20730a2kml2gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20733a1kfb1gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20733a1kfb1gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20733a2kfb1g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20733a2kfb1g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20733a2kfb1gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20733a2kfb1gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20733a2kml1g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20733a2kml1g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20733a2kml1gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20733a2kml1gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20733a3kfb1g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20733a3kfb1g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20733a3kfb1gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20733a3kfb1gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20733a3kfb2gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20733a3kfb2gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20733a3kml1g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20733a3kml1g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20733a3kml1gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20733a3kml1gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20734ua1kffb3g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20734ua1kffb3g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20734ua1kffb3gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20734ua1kffb3gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20734ua2kffb3g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20734ua2kffb3g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw20734ua2kffb3gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw20734ua2kffb3gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw43438kubgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw43438kubgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw4343w1kubgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw4343w1kubgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw4343wkubgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw4343wkubgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw4343wkwbgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw4343wkwbgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw4354kkwbgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw4354kkwbgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw4354xkubgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw4354xkubgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw89071a1cubxgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw89071a1cubxgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw89072brfb5g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw89072brfb5g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw89072brfb5gt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw89072brfb5gt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw89335l2cubgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw89335l2cubgt:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:cypress:cyw89335lcubgt_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:cypress:cyw89335lcubgt:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.16 }} 0.04%

score

0.53138

percentile

CVSS30 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability