FKIE_CVE-2018-7080

Vulnerability from fkie_nvd - Published: 2018-12-07 21:29 - Updated: 2024-11-21 04:11
Severity ?
7.5 (High) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.
References
security-alert@hpe.comhttp://www.securityfocus.com/bid/105814Third Party Advisory, VDB Entry
security-alert@hpe.comhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txtMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/105814Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txtMitigation, Vendor Advisory
Impacted products
Vendor Product Version
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks arubaos *
arubanetworks 203rp_firmware -
arubanetworks 203rp -
arubanetworks 203r_firmware -
arubanetworks 203r -
arubanetworks ap-300_series_access_points_firmware -
arubanetworks ap-300_series_access_points -
arubanetworks ap-300_series_instant_access_points_firmware -
arubanetworks ap-300_series_instant_access_points -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1F19E1F-F852-4A9E-BCA0-C00095FC4E81",
              "versionEndExcluding": "6.4.4.20",
              "versionStartIncluding": "6.4.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E4BE0C-4329-40EF-8806-8BA8B0FD3CC9",
              "versionEndExcluding": "6.5.3.9",
              "versionStartIncluding": "6.5.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CCB557-CCF0-4C6E-BC96-B0FC06D1C1AF",
              "versionEndExcluding": "6.5.4.9",
              "versionStartIncluding": "6.5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3CF639-D500-4AE0-A2F3-1B4D9F08EC35",
              "versionEndExcluding": "8.2.2.2",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39FFDECF-2181-4795-AAE6-3960AEB867D4",
              "versionEndExcluding": "8.3.0.4",
              "versionStartIncluding": "8.3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:203rp_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78EE6E62-F628-4978-8C02-934B3B28E751",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:203rp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA926A8-93A3-4C56-87A5-E29C370D897F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:203r_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D749127-3A66-4155-A072-835518E3594D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:203r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D41FCBFE-661D-42E3-9211-DBEB84CDBBCE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:ap-300_series_access_points_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C17C487E-7233-4F4D-ADD3-E32F80B44C70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:ap-300_series_access_points:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1019E0BD-36A9-4620-9EE1-0DAF92C4C5CE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arubanetworks:ap-300_series_instant_access_points_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D9CDF3-0EEC-416A-89D6-3C5F81AE7798",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arubanetworks:ap-300_series_instant_access_points:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F091F2-1798-41EB-863E-B3D68F9F58D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP\u0027s BLE radio and could then gain access to the AP\u0027s console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad en el firmware de las radios BLE embebidas que forman parte de algunos puntos de acceso de Aruba. Un atacante que pueda explotar esta vulnerabilidad podr\u00eda instalar firmware nuevo y potencialmente malicioso en la radio BLE del punto de acceso para obtener acceso al puerto de la consola del punto de acceso. Esta vulnerabilidad es aplicable solo si la radio BLE est\u00e1 habilitada en los puntos de acceso afectados. La radio BLE est\u00e1 deshabilitada por defecto. Nota: los productos Aruba NO se han visto afectados por una vulnerabilidad rastreada como CVE-2018-16986."
    }
  ],
  "id": "CVE-2018-7080",
  "lastModified": "2024-11-21T04:11:37.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-07T21:29:01.390",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105814"
    },
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.