Bluetooth® Pairing Vulnerability (CVE-2018-5383): Impact on Dell products

Dell is aware of the Bluetooth® Pairing Vulnerability (CVE-2018-5383) affecting many Bluetooth connections that were disclosed by CERT Vulnerability Note VU#304725.on July 23rd 2018.  The vulnerability affects user devices in active discovery mode ("pairing process"), and could allow an unauthenticated attacker with physical proximity of the targeted user’s device to potentially gain unauthorized access, intercept traffic and send forged pairing messages to a Bluetooth® device.  For more information, please review https://www.kb.cert.org/vuls/id/304725.

 

Dell has completed their investigation and impact is isolated to Dell PCs and Thin Client products. The level of impact to Dell PCs and Thin Client products may vary depending on the affected product. Dell highly recommends customers immediately download the patch applicable to their system as soon as they are made available. This article will be updated as additional information becomes available.

 

Dell Products Impacted:

Dell Consumer and Commercial Client Systems

Dell Client computers (Dell Precision, Latitude, OptiPlex, Inspiron, Vostro, XPS, Alienware) use a variety of Bluetooth adapters and their impact and resolution will vary by manufacturer.

To get a concise list of the drivers available for the Bluetooth adapter installed in your Dell computer, refer to the Dell Knowledge Base article How do I download and install a device driver?.

Customers who have enabled Dell Update (consumer platforms) or Dell Command | Update (commercial platforms) or SupportAssist will have drivers, BIOS and firmware updates downloaded automatically once available.

 

Impacted Thin Client Systems

The impact platform list for Dell Thin Client products will be updated as information becomes available.

 

 

References:

Intel Security Advisory: 

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html

---

NA

See Symptoms section.