Cisco Bug: CSCvk44163 - Cisco Access Point BLE STACK Texas Instruments CC2640 / CC2650 RCE Vulnerability
Apr 26, 2020
- Cisco Aironet 1850 Series Access Points
Known Affected Releases
Symptom: On November 1st, 2018, Armis announced the presence of a Remote Code Execution (RCE) or Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) STACK on Texas Instruments (TI) chips CC2640 and CC2650. This has been assigned the Common Vulnerability Enumeration ID of CVE-2018-16986. The vulnerability is due to a memory corruption condition that may occur when processing malformed BLE frames. An attacker in close proximity to an affected device that is actively scanning could exploit the issue by broadcasting malformed BLE frames. A successful exploit may result in the attacker gaining the ability to execute arbitrary code or cause a denial of service condition. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap

Conditions: Please refer to the Security Advisory. The BLE support was added for Early Field Trials (EFTs) only for 8.6. Cisco Aironet Access Points first supported the BLE feature in software release 8.7, which means an Access Point is only vulnerable if running software release 188.8.131.52 or 184.108.40.206. The first fixed release available on CCO is 220.127.116.11.