CVE-2018-7080
First published: Fri Dec 07 2018(Updated: )
A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ArubaOS | >=6.4.4.0<6.4.4.20 | |
| ArubaOS | >=6.5.3.0<6.5.3.9 | |
| ArubaOS | >=6.5.4.0<6.5.4.9 | |
| ArubaOS | >=8.0.0.0<8.2.2.2 | |
| ArubaOS | >=8.3.0.0<8.3.0.4 | |
| Aruba Networks 203RP Firmware | ||
| Aruba Networks 203RP Firmware | ||
| Aruba Networks 203R Firmware | ||
| Aruba Networks 203R Firmware | ||
| Aruba Networks AP-300 Series Access Points Firmware | ||
| Aruba Networks AP-300 Series Access Points Firmware | ||
| Aruba Networks AP-300 Series Access Points Firmware | ||
| Aruba Networks AP-300 Series Access Points Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-7080?
CVE-2018-7080 is considered a critical vulnerability due to the potential for unauthorized access to the access point's console port.
How do I fix CVE-2018-7080?
To fix CVE-2018-7080, update the ArubaOS firmware to a version that is not affected by this vulnerability.
Which software versions are affected by CVE-2018-7080?
CVE-2018-7080 affects specific versions of ArubaOS between 6.4.4.0 and 6.4.4.20, 6.5.3.0 and 6.5.3.9, 6.5.4.0 and 6.5.4.9, 8.0.0.0 and 8.2.2.2, and 8.3.0.0 and 8.3.0.4.
What type of attack can be performed using CVE-2018-7080?
An attacker exploiting CVE-2018-7080 could install malicious firmware onto the AP's BLE radio, gaining unauthorized access to the access point.
Is CVE-2018-7080 related to specific hardware?
Yes, CVE-2018-7080 is related to embedded BLE radios in certain Aruba Access Points.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/arubanetworks
- canonical/arubaos
- version/arubaos/6.4.4.0
- version/arubaos/6.5.3.0
- version/arubaos/6.5.4.0
- version/arubaos/8.0.0.0
- version/arubaos/8.3.0.0
- canonical/aruba networks 203rp firmware
- canonical/aruba networks 203r firmware
- canonical/aruba networks ap-300 series access points firmware