Bleedingbit

Researchers from the firm Armis identified two bugs, which impact Bluetooth Low-Energy (BLE) chips used in millions of Cisco, Meraki, and Aruba wireless access points (APs). Cisco has pointed out that most of their devices have Bluetooth disabled by default.

The vulnerable BLE chips CC2640 and CC2650 are used by roughly 70 per cent of industry level wireless access points and affected many products from vendors like Cisco, Meraki and Aruba products. This bug takes advantage of a loophole in the way Bluetooth chips analyse incoming data.

If an attacker runs a buffer overflow attack, they could compromise a device, which could allow the attacker to run malicious code. As these devices are implemented as in corporate networks through a compromise device an attacker could gain deep access into enterprise networks. So depending on the attack and the attacker skill Bleedingbit could result in serious compromises for many organisations.

Its also important to note we could be talking about a lot more risk here than just corporate network, because these chips may also exist in other critical devices like medical device like pacemakers, insulin pumps and other monitoring devices. The risk here could even go further as there is a possibility that many other IOT device many be impacted POS (Point of sales) systems.

The first vulnerability (CVE-2018-16986), exists in TI chips CC2640 and CC2650 chips.
The second vulnerability (CVE-2018-7080), exists in CC2642R2, CC2640R2, CC2640, CC2650, CC2540, and CC2541 chips.

Several vendors have released patches for affected hardware, so we recommend that if you have any concerns with specific hardware device to check for further info on the vendor website.
Cisco, Meraki, and Aruba have released a security patch for many products. 

Related Posts
Researchers warn of a new attack that could be carried out in where in less than about 30 seconds and potentially affects millions of laptops globally. But is the attack ...
READ MORE
Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts
Are all the big vendors playing down concerns over the impact of the Spectre and Meltdown vulnerabilities affecting computers systems, corporate servers and even mobile devices? Who is impacted: computers and ...
READ MORE
Critical Unpatched Flaws Disclosed In Western Digital ‘My Cloud’ Storage Devices
Security researchers have discovered several severe vulnerabilities and a secret hard-coded backdoor in Western Digital's My Cloud NAS devices that could allow remote attackers to gain unrestricted root access to ...
READ MORE
Hundreds of GPS Location Tracking Services Leaving User Data Open to Hackers
15-Year-Old Apple macOS 0-Day Kernel Flaw Disclosed, Allows Root Access A security researcher on New Year's eve made public the details of an unpatched security vulnerability in Apple's macOS operating system ...
READ MORE
January Microsoft Patches plus fix for zero-day vulnerability
If you expected the January Microsoft Patch reveals to one contain the CPU updates that address major security flaws like Meltdown and Spectre then you might be surprised to see ...
READ MORE
Meltdown and Spectre – Understanding and mitigating
Meltdown and Spectre - Understanding and mitigating the threats - SANS DFIR Webcast   On Jan 3 2018, two new vulnerabilities (Meltdown and Spectre) were introduced that are in the architecture of ...
READ MORE
Hundreds of GPS Location Tracking Services Leaving User Data Open to Hackers
Security researchers have unearthed multiple vulnerabilities in hundreds of GPS services that could enable attackers to expose a whole host of sensitive data on millions of online location tracking devices ...
READ MORE
More than 115000 Drupal Sites are still Vulnerable to the Drupalgeddon2 Exploit
Across the intent thousands of websites are running on the Drupal. Reports from a Security researcher Troy Mursch who ran a scan across the whole Internet found over 115000 Drupal ...
READ MORE
Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors
  Unlike the initial reports suggested about Intel chips being vulnerable to some severe ‘memory leaking’ flaws, full technical details about the vulnerabilities have now been emerged, which revealed that almost ...
READ MORE
OS X High Sierra Zero-Day Announced
Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS Sierra operating system that could allow a malicious application ...
READ MORE
New Intel AMT Security Vulnerability that Lets Hackers
Vendors Share Patch Updates on Spectre and Meltdown
Critical Unpatched Flaws Disclosed In Western Digital ‘My
Hundreds of GPS Location Tracking Services Leaving User
Meltdown and Spectre – Understanding and mitigating
Hundreds of GPS Location Tracking Services Leaving User
More than 115000 Drupal Sites are still Vulnerable
Meltdown and Spectre CPU Flaws Affect Intel, ARM,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You might also likeclose