You are here
Home > Preporuke > Ranjivost Cisco BLE softvera

Ranjivost Cisco BLE softvera

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20181101-ap

Revision: 1.0

For Public Release: 2018 November 1 15:00 GMT

Last Updated: 2018 November 1 15:00 GMT

CVE ID(s): CVE-2018-16986

CVSS Score v(3): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

On November 1st, 2018, Armis announced the presence of a Remote Code Execution (RCE) or Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) Stack on Texas Instruments (TI) chips CC2640 and CC2650. This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID of CVE-2018-16986.

The vulnerability is due to a memory corruption condition that may occur when processing malformed BLE frames. An attacker in close proximity to an affected device that is actively scanning could exploit the issue by broadcasting malformed BLE frames. A successful exploit may result in the attacker gaining the ability to execute arbitrary code or cause a denial of service condition on an affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJb2xllXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczIREP/2/Xt0jz+ViZtPkmmadXQGYDpFXu
5e4UY80bw6JyrVzC0TkovHyEMbMPtNTItknVHnWQ02kNcPATJdXqxUFRaIWGYox+
IHkJBuTB9XQds6Yh4zRcGW+nbRRfDDp1SCdiroh8pWLMPXMw8Y+1/TkTvy9JVuTz
sPnoxnc1rwub8CToTipb4gUcHON96bp+PG+gjSTfp4D1+SwBcg3hNiIhqfxMWN2K
SnF0Euj1S/aSCfYUR/63Jvsw55n/ApkhHKtMOOJtqgzogfyZqDRJPKGGULZj7Swj
fusVT+XATM6PBcMlh+6g8I2NgU/jHj+an1cjB7Ur5/Wfb4BgMx2o57t3pD1Fb9k0
sNDLUZi/jFG5fy97x6fzj+gWBqfQBSriwIgmL2uVhhEaQAjSKD/bK1KHhfdHVGq3
3zD1IKClAZngxAwjqOz0Hc9yT6syLbe0LGtE1GCDnKm2Zw5aeH83UQTxJ32s21sH
VWKWqYNWbbVYKIFQaL7uKl09oc4+UtshuKmYv5s+p2Lq6TLjdW+4xNWzCBzhsV8x
xQehajUZ8tDMcGSO6DDuAO5QVZqbCPwYHq8TPsd7pi7OIBfASsbKpmHHF50Z0KhB
wT+3AdItPEocRKedCdwaGWrnS5Vi5oL7YXzM+6QB1VrQN235JMNXwuc11DikHbcL
6rDiKqh+8IeTMIeQ
=KJ2L
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorToni Vugdelija
Cert idNCERT-REF-2018-11-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Ranjivost Cisco ASA i FTD softvera

Otkrivena je ranjivost u SIP (Session Initiation Protocol) značajci Cisco ASA (Adaptive Security Appliance) i FTD (Firepower Threat Defense) softvera....

Close