Researchers from the firm Armis identified two bugs that affect Bluetooth Low Energy (BLE) chips used in millions of Cisco, Meraki, and Aruba wireless access points (APs). Cisco has pointed out that most of its devices have Bluetooth disabled by default.
The vulnerable BLE chips CC2640 and CC2650 are used in roughly 70 per cent of industry-level wireless access points and affect many products from vendors like Cisco, Meraki and Aruba. This bug takes advantage of a loophole in the way Bluetooth chips analyse incoming data.
If an attacker runs a buffer overflow attack, they could compromise a device, which could allow the attacker to run malicious code. Because these devices are deployed in corporate networks, an attacker could use a compromised device to gain deep access into enterprise networks. Depending on the attack and the attacker's skill, Bleedingbit could result in serious compromises for many organisations.
It's also important to note that the risk here could extend well beyond corporate networks, because these chips may also exist in other critical devices, such as medical devices like pacemakers, insulin pumps and other monitoring devices. The risk could go further still, as there is a possibility that many other IoT devices may be impacted, including POS (point of sale) systems.
The first vulnerability (CVE-2018-16986) exists in the TI CC2640 and CC2650 chips.
The second vulnerability (CVE-2018-7080) exists in the CC2642R2, CC2640R2, CC2640, CC2650, CC2540, and CC2541 chips.
Several vendors have released patches for affected hardware, so if you have any concerns about a specific hardware device, we recommend checking the vendor's website for further information.
Cisco, Meraki, and Aruba have released security patches for many products.