Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU15683
Risk: Medium
CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16986
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a physical attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling malicious input if BLE is turned on and the device is actively scanning. A physical attacker who is in range of the targeted device can send specially crafted packets containing malformed BLE frames, trigger memory corruption and execute arbitrary code. The attacker can also install a backdoor on the chip and then gain complete control of the system. In the case of access points, the attacker can use the compromised AP to spread to other devices on the network, even if segmentation is in place.
The vulnerability has been dubbed as "BLEEDINGBIT".
MitigationUpdate Cisco Aironet products to version 8.8.100.0. Update Meraki to version MR 25.13.
Vulnerable software versionsMeraki MR74: before MR 25.13
Meraki MR53E AP: before MR 25.13
Meraki MR42E AP: before MR 25.13
Meraki MR33 AP: before MR 25.13
Meraki MR30H AP: before MR 25.13
Cisco 4800 Aironet Access Points: before 8.8.100.0
Cisco 1815w Aironet Access Points: before 8.8.100.0
Cisco 1815m Aironet Access Points: before 8.8.100.0
Cisco 1815i Aironet Access Points: before 8.8.100.0
Cisco 1810 Aironet Access Points: before 8.8.100.0
Cisco 1800i Aironet Access Points: before 8.8.100.0
Cisco 1540 Aironet Series Outdoor Access Points: before 8.8.100.0
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.