Search criteria
1 vulnerability found for cc1350 by ti
VAR-201811-0299
Vulnerability from variot - Updated: 2025-01-30 21:06Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. Texas Instruments Microcontroller CC2640 and CC2650 Used in the firmware of BLE-Stack Contains a buffer overflow vulnerability. Insufficient memory operation range (CWE-119) - CVE-2018-16986 Texas Instruments Microcontroller CC2640 and CC2650 Used in the firmware of BLE-Stack Is BLE advertising There is a problem with packet processing. In the chip ROM Included in the image llGetAdvChanPDU Function received advertising Parses the packet and copies its contents to another buffer. If the received data exceeds a certain length, BLE-Stack Included in applications that run on halAssertHandler It is a mechanism to call a function and continue processing. The following chips are vulnerable: CC2640 (non-R2) with BLE-STACK version 2.2.1 or prior CC2650 with BLE-STACK version 2.2.1 or prior CC2640R2F with SimpleLink CC2640R2 SDK version 1.00.00.22 (BLE-STACK 3.0.0) CC1350 with SimpleLink CC13x0 SDK version 2.20.00.38 (BLE-STACK 2.3.3) or prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0299",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ble-stack",
"scope": "eq",
"trust": 1.0,
"vendor": "ti",
"version": "3.0.0"
},
{
"model": "ble-stack",
"scope": "lte",
"trust": 1.0,
"vendor": "ti",
"version": "2.2.1"
},
{
"model": "ble-stack",
"scope": "lte",
"trust": 1.0,
"vendor": "ti",
"version": "2.3.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "aruba",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "texas instruments",
"version": null
},
{
"model": "ble-stack",
"scope": "lt",
"trust": 0.8,
"vendor": "texas instrument",
"version": "v2.2.2 earlier"
},
{
"model": "simplelink cc2640r2 sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "1.00.00.22"
},
{
"model": "simplelink cc13x0 sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.20.00.38"
},
{
"model": "cc2650",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "0"
},
{
"model": "cc2640r2f",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "0"
},
{
"model": "cc2640",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "0"
},
{
"model": "cc1350",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "0"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "3.0"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.3.3"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.2.1"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.1.1"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.1"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.0"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "1.4.1"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "1.4"
},
{
"model": "meraki mr74",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "meraki mr53e",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "meraki mr42e",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "meraki mr33",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "meraki mr30h",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aironet",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4800"
},
{
"model": "aironet 1815m",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aironet 1815i",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aironet",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "18100"
},
{
"model": "aironet 1800i",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aironet",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15400"
},
{
"model": "simplelink cc2640r2 sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "ti",
"version": "1.30.00.25"
},
{
"model": "simplelink cc13x0 sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "ti",
"version": "2.30.00.20"
},
{
"model": "ble-stack",
"scope": "ne",
"trust": 0.3,
"vendor": "ti",
"version": "3.0.1"
},
{
"model": "ble-stack",
"scope": "ne",
"trust": 0.3,
"vendor": "ti",
"version": "2.3.4"
},
{
"model": "ble-stack",
"scope": "ne",
"trust": 0.3,
"vendor": "ti",
"version": "2.2.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#317277"
},
{
"db": "BID",
"id": "105812"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:texas_instrument:ukcms:ble-stack",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco would like to thank Ben Seri, for finding and reporting this vulnerability., VP of Research at Armis",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
}
],
"trust": 0.6
},
"cve": "CVE-2018-16986",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2018-16986",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-16986",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16986",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-025",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. Texas Instruments Microcontroller CC2640 and CC2650 Used in the firmware of BLE-Stack Contains a buffer overflow vulnerability. Insufficient memory operation range (CWE-119) - CVE-2018-16986 Texas Instruments Microcontroller CC2640 and CC2650 Used in the firmware of BLE-Stack Is BLE advertising There is a problem with packet processing. In the chip ROM Included in the image llGetAdvChanPDU Function received advertising Parses the packet and copies its contents to another buffer. If the received data exceeds a certain length, BLE-Stack Included in applications that run on halAssertHandler It is a mechanism to call a function and continue processing. \nThe following chips are vulnerable:\nCC2640 (non-R2) with BLE-STACK version 2.2.1 or prior\nCC2650 with BLE-STACK version 2.2.1 or prior\nCC2640R2F with SimpleLink CC2640R2 SDK version 1.00.00.22 (BLE-STACK 3.0.0)\nCC1350 with SimpleLink CC13x0 SDK version 2.20.00.38 (BLE-STACK 2.3.3) or prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16986"
},
{
"db": "CERT/CC",
"id": "VU#317277"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "BID",
"id": "105812"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#317277",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2018-16986",
"trust": 2.8
},
{
"db": "BID",
"id": "105812",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1042018",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU98767431",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.1300",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-025",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#317277"
},
{
"db": "BID",
"id": "105812"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"id": "VAR-201811-0299",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"network device"
],
"sub_category": "bluetooth device",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:06:31.758000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": " Aruba BLE Radio Firmware Vulnerability ",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
},
{
"title": "BLE-Stack 2.2.2",
"trust": 0.8,
"url": "http://software-dl.ti.com/lprf/ble_stack/exports/release_notes_BLE_Stack_2_2_2.html"
},
{
"title": "Texas Instruments CC2640 and CC2650 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86570"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://armis.com/bleedingbit/"
},
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/317277"
},
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181101-ap"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105812"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1042018"
},
{
"trust": 1.6,
"url": "http://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/742827"
},
{
"trust": 1.1,
"url": "http://software-dl.ti.com/lprf/ble_stack/exports/release_notes_ble_stack_2_2_2.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2018-006.txt"
},
{
"trust": 0.8,
"url": "http://dev.ti.com/tirex/content/simplelink_cc2640r2_sdk_2_30_00_28/docs/blestack/ble_user_guide/html/ble3-stack-oad/index-ble3-cc2640.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16986"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98767431/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16986"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-18-356"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79126"
},
{
"trust": 0.3,
"url": "http://www.ti.com/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#317277"
},
{
"db": "BID",
"id": "105812"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#317277"
},
{
"db": "BID",
"id": "105812"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-01T00:00:00",
"db": "CERT/CC",
"id": "VU#317277"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "105812"
},
{
"date": "2018-11-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"date": "2018-11-06T15:29:00.327000",
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-07T00:00:00",
"db": "CERT/CC",
"id": "VU#317277"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "105812"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"date": "2021-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"date": "2024-11-21T03:53:39.360000",
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update",
"sources": [
{
"db": "CERT/CC",
"id": "VU#317277"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
}
],
"trust": 0.6
}
}