New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points

A vulnerability has been uncovered in Aruba, Cisco, and Meraki Access Points. There is an exploit in the Bluetooth Low Energy (BLE) chips. An attacker can load packets of data containing malicious code to the chip and then load an execution packet that makes the system execute the previously loaded data packets. The executed data provides the attacker full access to the device. The Aruba device has over-the-air updating capabilities which allow the attacker to drop a larger payload. Cisco has already published an update for their devices and Meraki has released guidance to help the user disable this functionality.

Relevant URL(s):

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap
https://documentation.meraki.com/MR/Bluetooth/Bluetooth_Low_Energy_(BLE)#Enable_Bluetooth_Scanning