CVE-2018-5383 HIGH

CVE-2018-5383: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

Vendor Apple
Product macOS
Weakness CWE-325
Published August 7, 2018
Last update September 16, 2024

CVSS base score

8.0/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01 Description

Bluetooth firmware or operating system software drivers in macOS versions before 10.13 High Sierra, iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate the elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Key dates

02 Disclosure timeline

August 7, 2018 CVE published
September 16, 2024 Record updated