Vulnerability identifier: #VU15684
Vulnerability risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID: CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software: BLE-STACK
Universal components / Libraries / Software for developers
Vendor: Broadcom
Description
The vulnerability allows a physical attacker to gain full control over the target device.
The weakness exists due to an error when handling malicious input if the device using the chip has the over-the-air firmware download (OAD) feature enabled. A physical attacker who has acquired the password, by sniffing a legitimate update or by reverse-engineering Aruba’s BLE firmware, can connect to the BLE chip on a vulnerable access point, upload a malicious update containing the attacker’s own code to the targeted AP, completely rewrite the operating system and gain full control over it.
The vulnerability has been dubbed "BLEEDINGBIT".
Mitigation
It is recommended to ensure that the OAD functionality is not active in live production environments unless proper security measures are in place.
Vulnerable software versions
BLE-STACK: All versions
External links
http://armis.com/bleedingbit/
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of any malware exploiting this vulnerability.