#VU15684 Privilege escalation in BLE-STACK


Published: 2018-11-01 | Updated: 2018-11-02

Vulnerability identifier: #VU15684

Vulnerability risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-7080

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
BLE-STACK
Universal components / Libraries / Software for developers

Vendor: Broadcom

Description

The vulnerability allows a physical attacker to gain full control over the target device.

The weakness exists due to improper handling of malicious input when the device using the chip has the over-the-air firmware download (OAD) feature enabled. A physical attacker who has obtained the OAD password, either by sniffing a legitimate update or by reverse-engineering Aruba’s BLE firmware, can connect to the BLE chip on a vulnerable access point, upload a malicious update containing the attacker’s own code to the targeted AP, completely rewrite its operating system and gain full control over it.

The vulnerability has been dubbed "BLEEDINGBIT".

Mitigation
It is recommended to ensure that the OAD functionality is not active in live production environments unless the appropriate security controls are in place.

Vulnerable software versions

BLE-STACK: All versions


External links
http://armis.com/bleedingbit/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
