logo_SVG-01
✕
  • Platform
    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    • Managed Security Services
    • Managed Penetration Testing
  • Services
    • Assess
      • Compromise Assessment
      • Advanced Persistent Threats Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      • SOC Maturity Assessment
      • SOC Model Evaluation
      • SOC Gap Analysis
      • SIEM Gap Analysis
      • SIEM Optimization
      • SOC Content Pack
    • Train
      • Simulated Cyber Attack Exercise
      • Tabletop Exercise
      • Security Awareness and Training
    • Respond
      • Incident Analysis
      • Incident Response
  • Solutions
  • Resources
    • Blogs
    • Press Releases
    • Threat Insights
      • Threat Intelligence Reports
      • Threat Advisories
      • Monthly Threat Insights
  • Why Rewterz?
    • About Us
    • Careers
    • Contact
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Advisory – CVE-2018-16986 & CVE-2018-7080 – New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 22, 2023
    March 22, 2023
    Rewterz Threat Alert – Mekotio Banking Trojan aka Melcoz – Active IOCs
    Severity Medium Analysis Summary Mekotio is a banking trojan that targets users in Latin America and Europe. It is primarily distributed via phishing emails and infected […]
    March 22, 2023
    March 22, 2023
    Rewterz Threat Update – Cyber Threat Intelligence Advisory – 23rd March Pakistan Day
    Analysis Summary Overview – 23rd Mar – A Big Day –  As we approach the 23rd of March, Pakistan Day, organizations and individuals should be aware […]
    March 22, 2023
    March 22, 2023
    Rewterz Threat Advisory -Multiple Jenkins Products Vulnerabilities
    Severity High Analysis Summary CVE-2023-28684 CVSS:7.1 Jenkins remote-jobs-view-plugin Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Advisory – CVE-2018-16986 & CVE-2018-7080 – New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 22, 2023
    March 22, 2023
    Rewterz Threat Alert – Mekotio Banking Trojan aka Melcoz – Active IOCs
    Severity Medium Analysis Summary Mekotio is a banking trojan that targets users in Latin America and Europe. It is primarily distributed via phishing emails and infected […]
    March 22, 2023
    March 22, 2023
    Rewterz Threat Update – Cyber Threat Intelligence Advisory – 23rd March Pakistan Day
    Analysis Summary Overview – 23rd Mar – A Big Day –  As we approach the 23rd of March, Pakistan Day, organizations and individuals should be aware […]
    March 22, 2023
    March 22, 2023
    Rewterz Threat Advisory -Multiple Jenkins Products Vulnerabilities
    Severity High Analysis Summary CVE-2023-28684 CVSS:7.1 Jenkins remote-jobs-view-plugin Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
Rewterz
Rewterz Threat Advisory – Microsoft Edge Web Browser zero-day exploit about to unleash
November 6, 2018
Rewterz
Rewterz Threat Advisory – Virtual Box zero-day vulnerability exposed
November 8, 2018

Rewterz Threat Advisory – CVE-2018-16986 & CVE-2018-7080 – New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points

November 7, 2018

Two flaws in the Bluetooth Low Energy chips used in major Wi-Fi Access Points could give attackers control of the wireless network.

 

 

IMPACT:  CRITICAL

 

 

PUBLISH DATE:  07-11-2018

 

 

OVERVIEW

 

 

Armis, an IoT security firm, has announced that a Remote Code Execution (RCE) or Denial of Service (DoS) vulnerability exists in the Bluetooth Low Energy (BLE) Stack on Texas Instruments (TI) chips CC2640 and CC2650. There are two vulnerabilities, existing due to a memory corruption condition that could occur when processing malformed BLE frames.

 

 

An attacker could exploit the vulnerability when he’s in close proximity to an affected device which is actively scanning. This could happen by broadcasting malformed BLE frames. If the exploit is successful, the attacker could execute arbitrary code or cause denial of service condition in an affected device.

 

 

ANALYSIS

 

 

Bluetooth Low Energy (BLE) chips made by Texas instruments contain vulnerabilities that could give the control of the wireless network over to an attacker. It affects multiple Wi-Fi access points and other devices.

 

 

The BLE chips manufactured by Texas Instruments are used in a major portion of the WiFi Access point (AP) market, including the access points made by Aruba, Cisco and Meraki. About 70% of the total AP enterprise comprises of Wi-Fi access points made by these vendors.

 

 

Two vulnerabilities now called “BleedingBits” have been pinpointed in TI CC2640/50 and TI cc2540/1 chips.

 

 

In CVE-2018-16986, the field that stores “advertising packets” sent by devices for detection gets overflowed. These packets are sent by the devices in the AP’s area to let the AP know that the device is there.

 

 

“It’s supposed to be six bits, but these chips look at two additional bits that are supposed to be zero,” Ben Seri, the vice president of research at Armis says, “If an attacker sends a number of well-formed advertising packets containing code, and then a malformed packet with a “one” in either of those two extra bit places, it results in a stack overflow that could allow execution of all that earlier-delivered code.”

 

 

The second vulnerability, CVE-2018-7080, can only affect Aruba access points, however with the ability to drop larger payloads in single step. In Aruba, there’s an over-the-air download (OAD) feature through BLE as a tool to be used in the development process. If that feature is left active in a production system, an attacker can obtain the hard-coded password and consequently may use the feature to completely rewrite the Access Point’s operating system.

 

 

The BLE radio used in Aruba’s affected APs contains a password-protected functionality that allows for over-the-air firmware updates.  Unfortunately, an attacker with access to a software image (e.g. downloaded from the Aruba website), or with access to the AP hardware, could recover the password.  With access to the password, an attacker can push malicious firmware updates to the BLE radio wirelessly.

 

 

Since BLE does not pose as a potential threat or attack vector, cyber analysts are concerned that it’s a total blind spot from an organization’s viewpoint. Whereas in reality, this BLE chip occupies a location within the systems that could be exploited as a strong point of entrance for an attacker.

 

 

The fact that lots and lots of IoT devices like smart watches and insulin pumps utilize this BLE chip further brings a concern that many devices can be taken control of, if an attacker succeeds at exploiting the chip.

 

 

AFFECTED PRODUCTS

 

 

Cisco Access Points

Cisco Aironet Access Points first supported the BLE feature in software release 8.7, which means an Access Point is only vulnerable if running software release 8.7.102.0 or 8.7.106.0.

 

 

 

 

Aruba’s Access Points: (vulnerable only if the BLE radio is enabled)

 

  • AP-3xx and IAP-3xx series access points
  • AP-203R
  • AP-203RP
  • ArubaOS 6.4.4.x prior to 6.4.4.20
  • ArubaOS 6.5.3.x prior to 6.5.3.9
  • ArubaOS 6.5.4.x prior to 6.5.4.9
  • ArubaOS 8.x prior to 8.2.2.2
  • ArubaOS 8.3.x prior to 8.3.0.4
  • The AP207 is not affected, as it contains a different BLE implementation.

 

 

Other Aruba AP models not listed here do not contain a BLE radio and are not affected.

 

 

MITIGATION

 

 

For the mitigation of these vulnerabilities, BLE radio needs to be disabled to ensure that the BLE chip vulnerabilities do not affect your access points.

 

Here’s Meraki’s guidance on how to disable things.

 

https://documentation.meraki.com/MR/Bluetooth/Bluetooth_Low_Energy_(BLE)#Enable_Bluetooth_Scanning

 

Likewise, Cisco has released an advisory addressing the vulnerabilities.

 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap

 

 

For Aruba products, update to following patched versions.

 

  • ArubaOS 6.4.4.20
  • ArubaOS 6.5.3.9
  • ArubaOS 6.5.4.9
  • ArubaOS 8.2.2.2
  • ArubaOS 8.3.0.4

 

 

If you think you’re the victim of a cyber-attack, immediately send an email to soc@rewterz.com for a quick response.

Platform

  • Rewterz XDR
  • Rewterz Defense
  • Rewterz Threat Intelligence

Managed Security Services

  • Managed Security Monitoring
  • Remote SOC
  • Onsite SOC
  • Hybrid SOC

Assess

  • Compromise Assessment
  • APT Assessment
  • Penetration Testing
  • Architecture Design & Review
  • Red Team Assessment
  • Purple Team Assessment
  • Social Engineering
  • Source Code Review

Transform

  • SOC Consultancy
  • SOC Maturity Assessment
  • SOC Model Evaluation
  • SOC Gap Analysis
  • SIEM Gap Analysis
  • SIEM Optimization
  • SOC Content Pack

Train

  • Simulated Cyber Attack Exercise
  • Tabletop Exercise
  • Security Awareness and Training

Respond

  • Incident Analysis
  • Incident Response

Threat Insights

  • Threat Advisories
  • Monthly Threat Insights
  • Threat Intelligence Reports

Resources

  • Blog
  • Press Releases

Connect With Us

  • Contact
  • Careers
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.
Get a Demo