A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:M/Au:N/C:P/I:P/A:P
Vendors Products
Arubanetworks
  • Arubaos
  • Ap-300 Series Instant Access Points
  • Ap-300 Series Access Points
  • 203rp
  • 203r
  • 203rp Firmware
  • Ap-300 Series Access Points Firmware
  • Ap-300 Series Instant Access Points Firmware
  • 203r Firmware

Configuration 1 [-]

OR cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:arubanetworks:203rp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:203rp:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:arubanetworks:203r_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:203r:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:arubanetworks:ap-300_series_access_points_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:ap-300_series_access_points:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:arubanetworks:ap-300_series_instant_access_points_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:ap-300_series_instant_access_points:-:*:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/105814 Third Party Advisory VDB Entry
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt Mitigation Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2018-12-07T21:00:00

Updated: 2018-12-08T10:57:01

Reserved: 2018-02-15T00:00:00

Link: CVE-2018-7080

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-12-07T21:29:01.390

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-7080

JSON object: View

cve-icon Redhat Information

No data.

CWE