Sign-up

ID

VAR-201903-1286


CVE

CVE-2018-20378


TITLE

OpenSynergy Blue SDK Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015142

DESCRIPTION

The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c. OpenSynergy Blue SDK Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2018-20378 // JVNDB: JVNDB-2018-015142

IOT TAXONOMY

category:['network device']sub_category:bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:opensynergymodel:blue sdkscope:gteversion:3.2

Trust: 1.0

vendor:opensynergymodel:blue sdkscope:gteversion:6.0

Trust: 1.0

vendor:opensynergymodel:blue sdkscope:ltversion:6.0.1

Trust: 1.0

vendor:opensynergymodel:blue sdkscope:lteversion:5.5.3

Trust: 1.0

vendor:opensynergymodel:blue sdkscope:eqversion:3.2 to 6.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-015142 // NVD: CVE-2018-20378

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20378
value: HIGH

Trust: 1.0

NVD: CVE-2018-20378
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-1183
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-20378
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-20378
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-015142 // CNNVD: CNNVD-201903-1183 // NVD: CVE-2018-20378

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2018-015142 // NVD: CVE-2018-20378

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201903-1183

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-1183

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015142

PATCH
title:BlueSDK - 2018-003url:https://www.opensynergy.com/news/security/bluesdk-advisory2018003/
Trust: 0.8
title:OpenSynergy Blue SDK Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90879
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015142 // 
            
            
            
            CNNVD: CNNVD-201903-1183

EXTERNAL IDS
db:NVDid:CVE-2018-20378
Trust: 2.5
db:JVNDBid:JVNDB-2018-015142
Trust: 0.8
db:CNNVDid:CNNVD-201903-1183
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            JVNDB: JVNDB-2018-015142 // 
            
            
            
            CNNVD: CNNVD-201903-1183 // 
            
            
            
            NVD: CVE-2018-20378

REFERENCES
url:https://www.cymotive.com/wp-content/uploads/2019/03/hell2cap-0day.pdf
Trust: 2.4
url:https://www.opensynergy.com/news/security/bluesdk-advisory2018003/
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-20378
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20378
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            JVNDB: JVNDB-2018-015142 // 
            
            
            
            CNNVD: CNNVD-201903-1183 // 
            
            
            
            NVD: CVE-2018-20378

SOURCES
db:OTHERid: - 
db:JVNDBid:JVNDB-2018-015142
db:CNNVDid:CNNVD-201903-1183
db:NVDid:CVE-2018-20378

LAST UPDATE DATE
2025-01-30T21:28:10.022000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2018-015142date:2019-04-26T00:00:00
db:CNNVDid:CNNVD-201903-1183date:2019-04-04T00:00:00
db:NVDid:CVE-2018-20378date:2024-11-21T04:01:21.563

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2018-015142date:2019-04-26T00:00:00
db:CNNVDid:CNNVD-201903-1183date:2019-03-29T00:00:00
db:NVDid:CVE-2018-20378date:2019-03-29T15:29:00.510