Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2018-7080, CVE-2018-16986 |
CWE-ID | CWE-264, CWE-120 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | CC2642R (Hardware solutions / Firmware); CC2640R2 (Hardware solutions / Firmware); CC2640 (Hardware solutions / Firmware); Other |
Vendor | Texas Instruments |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU15684
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-7080
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a physical attacker to gain full control over the target device.
The weakness exists due to an error when handling malicious input if the device using the chip has the over-the-air firmware download (OAD) feature enabled. A physical attacker who acquired the password by sniffing a legitimate update or reverse-engineering Aruba’s BLE firmware can connect to the BLE chip on a vulnerable access point, upload a malicious update containing the attacker’s own code to the targeted AP, completely rewrite the operating system and gain full control over it.
The vulnerability has been dubbed "BLEEDINGBIT".
Mitigation
Ensure the OAD functionality is not active in live production environments unless proper security has been addressed.
Vulnerable software versions
CC2642R: All versions
: All versions
CC2640R2: All versions
: All versions
CC2640: All versions
https://www.ti.com/tool/BLE-STACK
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15683
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-16986
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a physical attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error when handling malicious input if BLE is turned on and the device is actively scanning. A physical attacker who is in range of the targeted device can send specially crafted packets containing malformed BLE frames, trigger memory corruption and execute arbitrary code. The attacker can also install a backdoor on the chip and then gain complete control of the system. In the case of access points, the attacker can use the compromised AP to spread to other devices on the network, even if segmentation is in place.
The vulnerability has been dubbed "BLEEDINGBIT".
Mitigation
Update BLE-stack to version 2.2.2.
Vulnerable software versions
CC2640R2: All versions
: All versions
CC2640: All versions
https://www.ti.com/tool/BLE-STACK
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.