VAR-201811-0299
Vulnerability from variot - Updated: 2025-01-30 21:06Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. Texas Instruments Microcontroller CC2640 and CC2650 Used in the firmware of BLE-Stack Contains a buffer overflow vulnerability. Insufficient memory operation range (CWE-119) - CVE-2018-16986 Texas Instruments Microcontroller CC2640 and CC2650 Used in the firmware of BLE-Stack Is BLE advertising There is a problem with packet processing. In the chip ROM Included in the image llGetAdvChanPDU Function received advertising Parses the packet and copies its contents to another buffer. If the received data exceeds a certain length, BLE-Stack Included in applications that run on halAssertHandler It is a mechanism to call a function and continue processing. The following chips are vulnerable: CC2640 (non-R2) with BLE-STACK version 2.2.1 or prior CC2650 with BLE-STACK version 2.2.1 or prior CC2640R2F with SimpleLink CC2640R2 SDK version 1.00.00.22 (BLE-STACK 3.0.0) CC1350 with SimpleLink CC13x0 SDK version 2.20.00.38 (BLE-STACK 2.3.3) or prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0299",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ble-stack",
"scope": "eq",
"trust": 1.0,
"vendor": "ti",
"version": "3.0.0"
},
{
"model": "ble-stack",
"scope": "lte",
"trust": 1.0,
"vendor": "ti",
"version": "2.2.1"
},
{
"model": "ble-stack",
"scope": "lte",
"trust": 1.0,
"vendor": "ti",
"version": "2.3.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "aruba",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "texas instruments",
"version": null
},
{
"model": "ble-stack",
"scope": "lt",
"trust": 0.8,
"vendor": "texas instrument",
"version": "v2.2.2 earlier"
},
{
"model": "simplelink cc2640r2 sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "1.00.00.22"
},
{
"model": "simplelink cc13x0 sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.20.00.38"
},
{
"model": "cc2650",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "0"
},
{
"model": "cc2640r2f",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "0"
},
{
"model": "cc2640",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "0"
},
{
"model": "cc1350",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "0"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "3.0"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.3.3"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.2.1"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.1.1"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.1"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "2.0"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "1.4.1"
},
{
"model": "ble-stack",
"scope": "eq",
"trust": 0.3,
"vendor": "ti",
"version": "1.4"
},
{
"model": "meraki mr74",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "meraki mr53e",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "meraki mr42e",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "meraki mr33",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "meraki mr30h",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aironet",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4800"
},
{
"model": "aironet 1815m",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aironet 1815i",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aironet",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "18100"
},
{
"model": "aironet 1800i",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aironet",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15400"
},
{
"model": "simplelink cc2640r2 sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "ti",
"version": "1.30.00.25"
},
{
"model": "simplelink cc13x0 sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "ti",
"version": "2.30.00.20"
},
{
"model": "ble-stack",
"scope": "ne",
"trust": 0.3,
"vendor": "ti",
"version": "3.0.1"
},
{
"model": "ble-stack",
"scope": "ne",
"trust": 0.3,
"vendor": "ti",
"version": "2.3.4"
},
{
"model": "ble-stack",
"scope": "ne",
"trust": 0.3,
"vendor": "ti",
"version": "2.2.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#317277"
},
{
"db": "BID",
"id": "105812"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:texas_instrument:ukcms:ble-stack",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco would like to thank Ben Seri, for finding and reporting this vulnerability., VP of Research at Armis",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
}
],
"trust": 0.6
},
"cve": "CVE-2018-16986",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2018-16986",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-16986",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16986",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-025",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. Texas Instruments Microcontroller CC2640 and CC2650 Used in the firmware of BLE-Stack Contains a buffer overflow vulnerability. Insufficient memory operation range (CWE-119) - CVE-2018-16986 Texas Instruments Microcontroller CC2640 and CC2650 Used in the firmware of BLE-Stack Is BLE advertising There is a problem with packet processing. In the chip ROM Included in the image llGetAdvChanPDU Function received advertising Parses the packet and copies its contents to another buffer. If the received data exceeds a certain length, BLE-Stack Included in applications that run on halAssertHandler It is a mechanism to call a function and continue processing. \nThe following chips are vulnerable:\nCC2640 (non-R2) with BLE-STACK version 2.2.1 or prior\nCC2650 with BLE-STACK version 2.2.1 or prior\nCC2640R2F with SimpleLink CC2640R2 SDK version 1.00.00.22 (BLE-STACK 3.0.0)\nCC1350 with SimpleLink CC13x0 SDK version 2.20.00.38 (BLE-STACK 2.3.3) or prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16986"
},
{
"db": "CERT/CC",
"id": "VU#317277"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "BID",
"id": "105812"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#317277",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2018-16986",
"trust": 2.8
},
{
"db": "BID",
"id": "105812",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1042018",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU98767431",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.1300",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-025",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#317277"
},
{
"db": "BID",
"id": "105812"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"id": "VAR-201811-0299",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"network device"
],
"sub_category": "bluetooth device",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:06:31.758000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": " Aruba BLE Radio Firmware Vulnerability ",
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
},
{
"title": "BLE-Stack 2.2.2",
"trust": 0.8,
"url": "http://software-dl.ti.com/lprf/ble_stack/exports/release_notes_BLE_Stack_2_2_2.html"
},
{
"title": "Texas Instruments CC2640 and CC2650 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86570"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://armis.com/bleedingbit/"
},
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/317277"
},
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181101-ap"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105812"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1042018"
},
{
"trust": 1.6,
"url": "http://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/742827"
},
{
"trust": 1.1,
"url": "http://software-dl.ti.com/lprf/ble_stack/exports/release_notes_ble_stack_2_2_2.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.8,
"url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2018-006.txt"
},
{
"trust": 0.8,
"url": "http://dev.ti.com/tirex/content/simplelink_cc2640r2_sdk_2_30_00_28/docs/blestack/ble_user_guide/html/ble3-stack-oad/index-ble3-cc2640.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16986"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98767431/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16986"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-18-356"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79126"
},
{
"trust": 0.3,
"url": "http://www.ti.com/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#317277"
},
{
"db": "BID",
"id": "105812"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#317277"
},
{
"db": "BID",
"id": "105812"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-01T00:00:00",
"db": "CERT/CC",
"id": "VU#317277"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "105812"
},
{
"date": "2018-11-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"date": "2018-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"date": "2018-11-06T15:29:00.327000",
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-07T00:00:00",
"db": "CERT/CC",
"id": "VU#317277"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "105812"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008978"
},
{
"date": "2021-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-025"
},
{
"date": "2024-11-21T03:53:39.360000",
"db": "NVD",
"id": "CVE-2018-16986"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update",
"sources": [
{
"db": "CERT/CC",
"id": "VU#317277"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-025"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…