#VU15683 Buffer overflow in BLE-STACK


Published: 2018-11-01 | Updated: 2018-11-02

Vulnerability identifier: #VU15683

Vulnerability risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16986

CWE-ID: CWE-120

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
BLE-STACK
Universal components / Libraries / Software for developers

Vendor: Broadcom

Description

The vulnerability allows a physical attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious input if BLE is turned on and the device is actively scanning. A physical attacker who is in range of the targeted device can send specially crafted packets containing malformed BLE frames, trigger memory corruption and execute arbitrary code. The attacker can also install a backdoor on the chip and then gain complete control of the system. In the case of access points, the attacker can use the compromised AP to spread to other devices on the network, even if segmentation is in place.

The vulnerability has been dubbed "BLEEDINGBIT".
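As an added illustration of the CWE-120 class described above (a scanner trusting a length field inside a received advertising frame), and not code from the advisory or from BLE-STACK itself, the following bounds-checked parser for legacy BLE advertising data rejects a frame whose AD-structure length claims more bytes than were received. The sample payloads, the `ad_struct_t` type and the `parse_adv_data` / `demo_*` names are constructed for this example; the real defect in the affected stack is not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ADV_DATA_MAX 31   /* legacy AdvData is at most 31 octets (Bluetooth Core Spec) */
#define AD_DATA_MAX  29   /* 31 minus the AD length byte and the AD type byte */

typedef struct {
    uint8_t len;                /* number of valid bytes in data[] */
    uint8_t type;               /* AD type (0x01 Flags, 0x09 Complete Local Name, ...) */
    uint8_t data[AD_DATA_MAX];  /* fixed-size destination buffer */
} ad_struct_t;

/* Parse the AD structures of a received advertising payload into out[].
 * Returns the number of structures parsed, or -1 if a length field does not fit
 * the bytes actually received. The length byte is checked before any copy, so a
 * malformed frame can neither over-read the received buffer nor overflow data[]. */
int parse_adv_data(const uint8_t *adv, size_t adv_len, ad_struct_t *out, size_t max_out)
{
    size_t pos = 0, n = 0;
    if (adv_len > ADV_DATA_MAX) return -1;          /* longer than legacy advertising allows */
    while (pos < adv_len) {
        uint8_t ad_len = adv[pos];                  /* covers the type byte plus the data */
        if (ad_len == 0) return (int)n;             /* early terminator: rest is padding */
        if (ad_len > adv_len - pos - 1) return -1;  /* claims more bytes than were received */
        if (n >= max_out) return -1;                /* no room in the caller's array */
        out[n].len  = (uint8_t)(ad_len - 1);        /* <= 29 after the check above, so it fits data[] */
        out[n].type = adv[pos + 1];
        memcpy(out[n].data, &adv[pos + 2], out[n].len);
        pos += 1 + ad_len;
        n++;
    }
    return (int)n;
}

/* Constructed sample payloads, not captured traffic. */
static const uint8_t GOOD_ADV[] = { 0x02, 0x01, 0x06,               /* Flags */
                                    0x05, 0x09, 'd', 'e', 'm', 'o' }; /* Complete Local Name "demo" */
static const uint8_t BAD_ADV[]  = { 0x02, 0x01, 0x06,
                                    0x1F, 0x09, 'x' };                /* length claims 31, only 2 follow:
                                                                         an unchecked memcpy would read past
                                                                         the frame and write past data[] */

/* Returns 1 if the well-formed payload yields two AD structures with name "demo". */
int demo_good(void)
{
    ad_struct_t ads[4];
    int n = parse_adv_data(GOOD_ADV, sizeof GOOD_ADV, ads, 4);
    return n == 2 && ads[1].type == 0x09 && ads[1].len == 4 && memcmp(ads[1].data, "demo", 4) == 0;
}

/* Returns the parser's result for the malformed payload (-1: rejected before any copy). */
int demo_bad(void)
{
    ad_struct_t ads[4];
    return parse_adv_data(BAD_ADV, sizeof BAD_ADV, ads, 4);
}
```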

Mitigation

Update BLE-STACK to version 2.2.2.

Vulnerable software versions

BLE-STACK: All versions


External links
http://armis.com/bleedingbit/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
