OpenCVE

A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arubanetworks	203r 203r Firmware 203rp 203rp Firmware Ap-300 Series Access Points Ap-300 Series Access Points Firmware Ap-300 Series Instant Access Points Ap-300 Series Instant Access Points Firmware Arubaos

Configuration 1 [-]

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::

Configuration 2 [-]

AND

cpe:2.3:o:arubanetworks:203rp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:203rp:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:arubanetworks:203r_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:203r:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:arubanetworks:ap-300_series_access_points_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-300_series_access_points:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:arubanetworks:ap-300_series_instant_access_points_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-300_series_instant_access_points:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105814
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2018-12-07T21:00:00

Updated: 2024-08-05T06:17:17.458Z

Reserved: 2018-02-15T00:00:00

Link: CVE-2018-7080

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-12-07T21:29:01.390

Modified: 2024-11-21T04:11:37.020

Link: CVE-2018-7080

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object