#VU13985 Man-in-the-middle attack in MediaTek
Vulnerability identifier: #VU13985
Vulnerability risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-300
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
MT7668
Mobile applications /
Mobile firmware & hardware
MT8167S
Mobile applications /
Mobile firmware & hardware
MT8532
Mobile applications /
Mobile firmware & hardware
MT8788
Mobile applications /
Mobile firmware & hardware
MT8518S
/
Vendor: MediaTek
Description
The vulnerability allows an adjacent attacker to conduct man-in-the-middle attack on the target system.
The weakness exists in the Bluetooth Low Energy (BLE) implementation of Secure Connections mode insufficient validation of elliptic curve parameters that are used to generate public keys during a Diffie-Hellman key exchange when the affected software performs device pairing operations. An adjacent attacker can intercept the public key exchange between the two targeted systems, inject a malicious public key to aid in determining the session key, access sensitive information or forge and modify messages, which could be used to inject malicious software on the targeted system.
Mitigation
Update to version 10.13.6.
Vulnerable software versions
MT7668: All versions
MT8167S: All versions
MT8518S: All versions
MT8532: All versions
MT8788: All versions
External links
http://support.apple.com/en-us/HT208937
http://corp.mediatek.com/product-security-bulletin/April-2024
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
