Badcaps.net Forum
Old 11-01-2018, 01:38 PM   #1
Curious.George
Badcaps Veteran
 
Join Date: Nov 2011
Posts: 851
Default AP/BLE vulnerabilities

New 0-day vulnerabilities:

https://cve.mitre.org/cgi-bin/cvenam...CVE-2018-16986

https://cve.mitre.org/cgi-bin/cvenam...=CVE-2018-7080
Old 11-01-2018, 05:24 PM   #2
stj
Great Sage 齊天大聖
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 19,334
Default Re: AP/BLE vulnerabilities

Quote:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
you must be an insider - they aren't saying shit right now.
Old 11-01-2018, 06:59 PM   #3
Curious.George
Badcaps Veteran
 
Join Date: Nov 2011
Posts: 851
Default Re: AP/BLE vulnerabilities

Quote:
Originally Posted by stj
you must be an insider - they aren't saying shit right now.
<frown> Sorry, I elided the explanatory text on the assumption that the formal alert would have contained equivalent information...

The first applies to Cisco/Meraki APs using TI BLE devices. An adversary can remotely (OTA) send multiple benign BLE advertising packets. These end up in the chip's memory and can act to transport malicious code into the targeted device. Then, an overflow packet triggers access to this code by corrupting the BLE stack. I.e., the device (which is an AP!) is then pwned. The attacker then has a beachhead to launch/propagate attacks to other APs and devices served by the APs -- he's INSIDE the trust zone.

The second applies to Aruba Series 300 APs (using TI devices). It is, essentially, a backdoor that was never sealed off by the developers.