Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-7080

Опубликовано: 07 дек. 2018
Источник: nvd
CVSS3: 7.5
CVSS2: 5.4
EPSS Низкий

Описание

A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Версия от 6.4.4.0 (включая) до 6.4.4.20 (исключая)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Версия от 6.5.3.0 (включая) до 6.5.3.9 (исключая)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Версия от 6.5.4.0 (включая) до 6.5.4.9 (исключая)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Версия от 8.0.0.0 (включая) до 8.2.2.2 (исключая)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Версия от 8.3.0.0 (включая) до 8.3.0.4 (исключая)
Конфигурация 2

Одновременно

cpe:2.3:o:arubanetworks:203rp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:203rp:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:arubanetworks:203r_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:203r:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:arubanetworks:ap-300_series_access_points_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:ap-300_series_access_points:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:arubanetworks:ap-300_series_instant_access_points_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:ap-300_series_instant_access_points:-:*:*:*:*:*:*:*

EPSS

Процентиль: 47%
0.00241
Низкий

7.5 High

CVSS3

5.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-c828-r7p5-j3g3

CVSS3: 7.5
github
больше 3 лет назад

A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.

fstec логотип

BDU:2018-01472

CVSS3: 7.1
fstec
больше 7 лет назад

Уязвимость механизма обновлений OAD микропрограммного обеспечения микроконтроллеров Texas Instruments Bluetooth Low Energy, позволяющая нарушителю получить полный контроль над устройством

EPSS

Процентиль: 47%
0.00241
Низкий

7.5 High

CVSS3

5.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo