CVE-2018-19860

high-risk
Published 2019-06-07

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

Do I need to act?

0.60% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 High
ADJACENT_NETWORK / LOW complexity

Affected Products (20)

Bcm4335C0 Firmware
Bcm43438A1 Firmware
Cyw20702A1Kwfbg Firmware
Cyw20702A1Kwfbgt Firmware
Cyw20702B0Kwfbg Firmware
Cyw20702B0Kwfbgt Firmware
Cyw20703Ua1Kffb1G Firmware
Cyw20703Ua1Kffb1Gt Firmware
Cyw20704Ua1Kffb1G Firmware
Cyw20704Ua1Kffb1Gt Firmware
Cyw20704Ua2Kffb1G Firmware
Cyw20704Ua2Kffb1Gt Firmware
Cyw20705A1Kwfbgt Firmware
Cyw20705B0Kwfbg Firmware
Cyw20705B0Kwfbgt Firmware
Cyw20706Ua1Kffb1G Firmware
Cyw20706Ua1Kffb1Gt Firmware
Cyw20706Ua1Kffb4G Firmware
Cyw20706Ua2Kffb4G Firmware
Cyw20706Ua2Kffb4Gt Firmware

Affected Vendors

56 / 100
high-risk
Severity 27/34 · High
Exploitability 2/34 · Minimal
Exposure 27/34 · High