CVE-2018-19860

Severity: Unknown, EPSS: 1.02%

CVE-2018-19860 is a vulnerability of currently unknown severity. Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. EPSS estimates a 1.02% chance of exploitation in the next 30 days.

Description

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

Metrics

EPSS Probability
1.02%

58.9th percentile

Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Bcm4335c0 Firmware | 2012-12-11 |
| Broadcom | Bcm43438a1 Firmware | 2014-06-02 |
| Cypress | Cyw20702a1kwfbg Firmware | All versions |
| Cypress | Cyw20702a1kwfbgt Firmware | All versions |
| Cypress | Cyw20702b0kwfbg Firmware | All versions |
| Cypress | Cyw20702b0kwfbgt Firmware | All versions |
| Cypress | Cyw20703ua1kffb1g Firmware | All versions |
| Cypress | Cyw20703ua1kffb1gt Firmware | All versions |
| Cypress | Cyw20704ua1kffb1g Firmware | All versions |
| Cypress | Cyw20704ua1kffb1gt Firmware | All versions |
| Cypress | Cyw20704ua2kffb1g Firmware | All versions |
| Cypress | Cyw20704ua2kffb1gt Firmware | All versions |
| Cypress | Cyw20705a1kwfbgt Firmware | All versions |
| Cypress | Cyw20705b0kwfbg Firmware | All versions |
| Cypress | Cyw20705b0kwfbgt Firmware | All versions |
| Cypress | Cyw20706ua1kffb1g Firmware | All versions |
| Cypress | Cyw20706ua1kffb1gt Firmware | All versions |
| Cypress | Cyw20706ua1kffb4g Firmware | All versions |
| Cypress | Cyw20706ua2kffb4g Firmware | All versions |
| Cypress | Cyw20706ua2kffb4gt Firmware | All versions |
| Cypress | Cyw20707a2kubgt Firmware | All versions |
| Cypress | Cyw20707ua1kffb1g Firmware | All versions |
| Cypress | Cyw20707ua1kffb4g Firmware | All versions |
| Cypress | Cyw20707ua1kffb4gt Firmware | All versions |
| Cypress | Cyw20707ua2kffb4g Firmware | All versions |
| Cypress | Cyw20707ua2kffb4gt Firmware | All versions |
| Cypress | Cyw20707va1pkwbgt Firmware | All versions |
| Cypress | Cyw20707va2pkwbgt Firmware | All versions |
| Cypress | Cyw20730a1kfbg Firmware | All versions |
| Cypress | Cyw20730a1kfbgt Firmware | All versions |
| Cypress | Cyw20730a1kml2g Firmware | All versions |
| Cypress | Cyw20730a1kml2gt Firmware | All versions |
| Cypress | Cyw20730a1kmlg Firmware | All versions |
| Cypress | Cyw20730a1kmlgt Firmware | All versions |
| Cypress | Cyw20730a2kfbg Firmware | All versions |
| Cypress | Cyw20730a2kfbgt Firmware | All versions |
| Cypress | Cyw20730a2kml2g Firmware | All versions |
| Cypress | Cyw20730a2kml2gt Firmware | All versions |
| Cypress | Cyw20733a1kfb1gt Firmware | All versions |
| Cypress | Cyw20733a2kfb1g Firmware | All versions |
| Cypress | Cyw20733a2kfb1gt Firmware | All versions |
| Cypress | Cyw20733a2kml1g Firmware | All versions |
| Cypress | Cyw20733a2kml1gt Firmware | All versions |
| Cypress | Cyw20733a3kfb1g Firmware | All versions |
| Cypress | Cyw20733a3kfb1gt Firmware | All versions |
| Cypress | Cyw20733a3kfb2gt Firmware | All versions |
| Cypress | Cyw20733a3kml1g Firmware | All versions |
| Cypress | Cyw20733a3kml1gt Firmware | All versions |
| Cypress | Cyw20734ua1kffb3g Firmware | All versions |
| Cypress | Cyw20734ua1kffb3gt Firmware | All versions |

Showing 50 of 63 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2018-19860?
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
How severe is CVE-2018-19860?
Severity scoring for CVE-2018-19860 is pending analysis. The EPSS model estimates a 1.02% probability of exploitation in the next 30 days.
How do I fix CVE-2018-19860?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST