Cisco Bug: CSCvk44163 - Cisco Access Point BLE STACK Texas Instruments CC2640 / CC2650 RCE Vulnerability

Last Modified

Apr 26, 2020

Products (1)

  • Cisco Aironet 1850 Series Access Points

Known Affected Releases

8.9(1.87)

Description (partial)

Symptom:
On November 1st, 2018, Armis announced the presence of a Remote Code Execution (RCE) or Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) STACK on Texas Instruments (TI) chips CC2640 and CC2650. This has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2018-16986.

The vulnerability is due to a memory corruption condition that may occur when processing malformed BLE frames. An attacker in close proximity to an affected device that is actively scanning could exploit the issue by broadcasting malformed BLE frames. A successful exploit may result in the attacker gaining the ability to execute arbitrary code or cause a denial of service condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap

Conditions:
Please refer to the Security Advisory.

BLE support was added in 8.6 for Early Field Trials (EFTs) only.
Cisco Aironet Access Points first supported the BLE feature in software release 8.7, which means an Access Point is only vulnerable if running software release 8.7.102.0 or 8.7.106.0.

The first fixed release available on CCO is 8.8.100.0.