Privilege escalation in BLE-STACK - CVE-2018-7080

Published: November 1, 2018 / Updated: November 2, 2018


Vulnerability identifier: #VU15684
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-7080
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Broadcom
Affected software:
BLE-STACK

Detailed vulnerability description

The vulnerability allows a physical attacker to gain full control over the target device.

The weakness exists due to an error in handling malicious input when the device using the chip has the over-the-air firmware download (OAD) feature enabled. A physical attacker who has acquired the password, either by sniffing a legitimate update or by reverse-engineering Aruba's BLE firmware, can connect to the BLE chip on a vulnerable access point, upload a malicious update containing the attacker's own code to the targeted AP, completely rewrite the operating system and gain full control over the device.

The vulnerability has been dubbed "BLEEDINGBIT".


How to mitigate CVE-2018-7080

It is recommended that you ensure the OAD functionality is not active in live production environments unless the appropriate security controls are in place.

Sources