CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2018-19860

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
Publish Date : 2019-06-07 Last Update Date : 2019-07-22

- CVSS Scores & Vulnerability Types

CVSS Score
5.8
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 264

- Products Affected By CVE-2018-19860

# Product Type Vendor Product Version Update Edition Language
1 OS Broadcom Bcm4335c0 Firmware 2012-12-11
2 OS Broadcom Bcm43438a1 Firmware 2014-06-02
3 OS Cypress Cyw20702a1kwfbg Firmware -
4 OS Cypress Cyw20702a1kwfbgt Firmware -
5 OS Cypress Cyw20702b0kwfbg Firmware -
6 OS Cypress Cyw20702b0kwfbgt Firmware -
7 OS Cypress Cyw20703ua1kffb1g Firmware -
8 OS Cypress Cyw20703ua1kffb1gt Firmware -
9 OS Cypress Cyw20704ua1kffb1g Firmware -
10 OS Cypress Cyw20704ua1kffb1gt Firmware -
11 OS Cypress Cyw20704ua2kffb1g Firmware -
12 OS Cypress Cyw20704ua2kffb1gt Firmware -
13 OS Cypress Cyw20705a1kwfbgt Firmware -
14 OS Cypress Cyw20705b0kwfbg Firmware -
15 OS Cypress Cyw20705b0kwfbgt Firmware -
16 OS Cypress Cyw20706ua1kffb1g Firmware -
17 OS Cypress Cyw20706ua1kffb1gt Firmware -
18 OS Cypress Cyw20706ua1kffb4g Firmware -
19 OS Cypress Cyw20706ua2kffb4g Firmware -
20 OS Cypress Cyw20706ua2kffb4gt Firmware -
21 OS Cypress Cyw20707a2kubgt Firmware -
22 OS Cypress Cyw20707ua1kffb1g Firmware -
23 OS Cypress Cyw20707ua1kffb4g Firmware -
24 OS Cypress Cyw20707ua1kffb4gt Firmware -
25 OS Cypress Cyw20707ua2kffb4g Firmware -
26 OS Cypress Cyw20707ua2kffb4gt Firmware -
27 OS Cypress Cyw20707va1pkwbgt Firmware -
28 OS Cypress Cyw20707va2pkwbgt Firmware -
29 OS Cypress Cyw20730a1kfbg Firmware -
30 OS Cypress Cyw20730a1kfbgt Firmware -
31 OS Cypress Cyw20730a1kml2g Firmware -
32 OS Cypress Cyw20730a1kml2gt Firmware -
33 OS Cypress Cyw20730a1kmlg Firmware -
34 OS Cypress Cyw20730a1kmlgt Firmware -
35 OS Cypress Cyw20730a2kfbg Firmware -
36 OS Cypress Cyw20730a2kfbgt Firmware -
37 OS Cypress Cyw20730a2kml2g Firmware -
38 OS Cypress Cyw20730a2kml2gt Firmware -
39 OS Cypress Cyw20733a1kfb1gt Firmware -
40 OS Cypress Cyw20733a2kfb1g Firmware -
41 OS Cypress Cyw20733a2kfb1gt Firmware -
42 OS Cypress Cyw20733a2kml1g Firmware -
43 OS Cypress Cyw20733a2kml1gt Firmware -
44 OS Cypress Cyw20733a3kfb1g Firmware -
45 OS Cypress Cyw20733a3kfb1gt Firmware -
46 OS Cypress Cyw20733a3kfb2gt Firmware -
47 OS Cypress Cyw20733a3kml1g Firmware -
48 OS Cypress Cyw20733a3kml1gt Firmware -
49 OS Cypress Cyw20734ua1kffb3g Firmware -
50 OS Cypress Cyw20734ua1kffb3gt Firmware -
51 OS Cypress Cyw20734ua2kffb3g Firmware -
52 OS Cypress Cyw20734ua2kffb3gt Firmware -
53 OS Cypress Cyw43438kubgt Firmware -
54 OS Cypress Cyw4343w1kubgt Firmware -
55 OS Cypress Cyw4343wkubgt Firmware -
56 OS Cypress Cyw4343wkwbgt Firmware -
57 OS Cypress Cyw4354kkwbgt Firmware -
58 OS Cypress Cyw4354xkubgt Firmware -
59 OS Cypress Cyw89071a1cubxgt Firmware -
60 OS Cypress Cyw89072brfb5g Firmware -
61 OS Cypress Cyw89072brfb5gt Firmware -
62 OS Cypress Cyw89335l2cubgt Firmware -
63 OS Cypress Cyw89335lcubgt Firmware -

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Broadcom Bcm4335c0 Firmware 1
Broadcom Bcm43438a1 Firmware 1
Cypress Cyw20702a1kwfbg Firmware 1
Cypress Cyw20702a1kwfbgt Firmware 1
Cypress Cyw20702b0kwfbg Firmware 1
Cypress Cyw20702b0kwfbgt Firmware 1
Cypress Cyw20703ua1kffb1g Firmware 1
Cypress Cyw20703ua1kffb1gt Firmware 1
Cypress Cyw20704ua1kffb1g Firmware 1
Cypress Cyw20704ua1kffb1gt Firmware 1
Cypress Cyw20704ua2kffb1g Firmware 1
Cypress Cyw20704ua2kffb1gt Firmware 1
Cypress Cyw20705a1kwfbgt Firmware 1
Cypress Cyw20705b0kwfbg Firmware 1
Cypress Cyw20705b0kwfbgt Firmware 1
Cypress Cyw20706ua1kffb1g Firmware 1
Cypress Cyw20706ua1kffb1gt Firmware 1
Cypress Cyw20706ua1kffb4g Firmware 1
Cypress Cyw20706ua2kffb4g Firmware 1
Cypress Cyw20706ua2kffb4gt Firmware 1
Cypress Cyw20707a2kubgt Firmware 1
Cypress Cyw20707ua1kffb1g Firmware 1
Cypress Cyw20707ua1kffb4g Firmware 1
Cypress Cyw20707ua1kffb4gt Firmware 1
Cypress Cyw20707ua2kffb4g Firmware 1
Cypress Cyw20707ua2kffb4gt Firmware 1
Cypress Cyw20707va1pkwbgt Firmware 1
Cypress Cyw20707va2pkwbgt Firmware 1
Cypress Cyw20730a1kfbg Firmware 1
Cypress Cyw20730a1kfbgt Firmware 1
Cypress Cyw20730a1kml2g Firmware 1
Cypress Cyw20730a1kml2gt Firmware 1
Cypress Cyw20730a1kmlg Firmware 1
Cypress Cyw20730a1kmlgt Firmware 1
Cypress Cyw20730a2kfbg Firmware 1
Cypress Cyw20730a2kfbgt Firmware 1
Cypress Cyw20730a2kml2g Firmware 1
Cypress Cyw20730a2kml2gt Firmware 1
Cypress Cyw20733a1kfb1gt Firmware 1
Cypress Cyw20733a2kfb1g Firmware 1
Cypress Cyw20733a2kfb1gt Firmware 1
Cypress Cyw20733a2kml1g Firmware 1
Cypress Cyw20733a2kml1gt Firmware 1
Cypress Cyw20733a3kfb1g Firmware 1
Cypress Cyw20733a3kfb1gt Firmware 1
Cypress Cyw20733a3kfb2gt Firmware 1
Cypress Cyw20733a3kml1g Firmware 1
Cypress Cyw20733a3kml1gt Firmware 1
Cypress Cyw20734ua1kffb3g Firmware 1
Cypress Cyw20734ua1kffb3gt Firmware 1
Cypress Cyw20734ua2kffb3g Firmware 1
Cypress Cyw20734ua2kffb3gt Firmware 1
Cypress Cyw43438kubgt Firmware 1
Cypress Cyw4343w1kubgt Firmware 1
Cypress Cyw4343wkubgt Firmware 1
Cypress Cyw4343wkwbgt Firmware 1
Cypress Cyw4354kkwbgt Firmware 1
Cypress Cyw4354xkubgt Firmware 1
Cypress Cyw89071a1cubxgt Firmware 1
Cypress Cyw89072brfb5g Firmware 1
Cypress Cyw89072brfb5gt Firmware 1
Cypress Cyw89335l2cubgt Firmware 1
Cypress Cyw89335lcubgt Firmware 1

- References For CVE-2018-19860

https://source.android.com/security/bulletin/2019-05-01 CONFIRM
http://seclists.org/fulldisclosure/2019/Jul/22
FULLDISC 20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
https://www.broadcom.com/support/resources/product-security-center
https://support.apple.com/kb/HT210348 CONFIRM

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)

- Metasploit Modules Related To CVE-2018-19860

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)


CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.