Badcaps Forums

Badcaps Forums (
-   Troubleshooting & Designing Networks (
-   -   AP/BLE vulnerabilities (

Curious.George 11-01-2018 12:38 PM

AP/BLE vulnerabilities
New 0-day vulnerabilities:

stj 11-01-2018 04:24 PM

Re: AP/BLE vulnerabilities

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
you must be an insider - they arent saying shit right now.

Curious.George 11-01-2018 05:59 PM

Re: AP/BLE vulnerabilities

Originally Posted by stj (Post 859914)
you must be an insider - they arent saying shit right now.

<frown> Sorry, I elided the explanatory text on the assumption that the formal alert would have contained equivalent information...

The first applies to Cisco/Meraki APs using TI BLE devices. An adversary can remotely (OTA) send multiple benign BLE advertising packets. These end up in the chips memory and can act to transport malicious codeinto the targeted device. Then, an overflow packet triggers access to this code by corrupting the BLE stack. I.e., the device (which is an AP!) is then pwned. The attacker then has a beachhead to launch/propagate attacks to other APs and devices served by the APs -- he's INSIDE the trust zone.

The second applies to Aruba Series 300 APs (using TI devices). It is, essentially, a backdoor that was never sealed off by the developers.

All times are GMT -6. The time now is 09:33 AM.

Powered by vBulletin ®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.