BleedingBit Exposes Enterprise Access Points and Unmanaged Devices to Undetectable Chip Level Attack (Nov 1, 2018)
Two Bluetooth Low Energy (BLE) vulnerabilities have been discovered, dubbed "BLEEDINGBIT," that affect the access points that deliver Wi-Fi to enterprise networks manufactured by Cisco, Meraki, and Aruba, according to researchers at Armis. The vulnerabilities are registered as "CVE-2018-16986" and "CVE-2018-7080." These two vulnerabilities allow an unauthenticated threat actor remote access to enterprise networks without detection by granting initial access via the unsecured access points. A threat actor would then be able to move laterally between network segments and could bridge them together. The BLE chips are becoming increasingly utilised by a variety of industries which are supposed to help create close-knit networks and enable the use of Internet-of-Things (IoT) devices by enterprises.
Recommendation: These two vulnerabilities highlight the necessity for improved security of network infrastructure. The use of hardware and/or software by third-party vendors can allow for potential ignorance to possible security weaknesses in those products. Security patch maintenance is paramount because once vulnerabilities are reported on in open sources, sometimes with proof-of-concept code, threat actors commonly utilise that information and begin conducting attacks.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.