Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2018-006
CVE: CVE-2018-7080
Publication Date: 2018-10-31
Status: Confirmed
Revision: 2

Title
=====
Aruba BLE Radio Firmware Vulnerability

Overview
========
A vulnerability exists in the embedded BLE radio firmware of some Aruba access points. An attacker able to exploit this vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. Aruba products are not affected by the similar vulnerability CVE-2018-16986.

Affected Products
=================
- AP-3xx and IAP-3xx series access points
- AP-203R
- AP-203RP
- ArubaOS 6.4.4
- ArubaOS 6.5.3
- Earlier releases of ArubaOS 6.5.4
- ArubaOS 8
- Earlier releases of ArubaOS 8.3

The AP-207 is not affected because it contains a different BLE implementation. Other Aruba AP models not listed here do not contain a BLE radio and are not affected.

Details
=======
This vulnerability applies only when the BLE radio has been enabled in an affected access point. By default, the BLE radio is disabled.

The BLE radio used in the affected APs contains functionality that allows for over-the-air firmware updates. Access to this functionality is protected by a password. Unfortunately, it was discovered that an attacker with access to a software image (e.g. downloaded from the Aruba website), or with access to the AP hardware, could recover the password. With access to the password, an attacker can push malicious firmware updates to the BLE radio wirelessly.

There are two consequences of malicious firmware running in the BLE radio:

- Features which use the BLE radio for wayfinding or management of BLE beacons could be disrupted. Wayfinding applications could show erroneous position information and administrators could lose the ability to manage BLE beacons.

- The BLE radio provides an optional feature called BluConsole. This feature permits access to the AP serial console over BLE. While this feature is enabled/disabled from within ArubaOS by the AP CPU, the AP CPU merely sends an enable/disable message to the BLE radio. Actual enforcement of the feature is performed by the BLE radio itself. Therefore, malicious BLE firmware would have direct access to the AP's serial console. This could allow an attacker to disrupt settings in the AP's boot ROM, resulting in potential denial of service.

Note: Console access to a running ArubaOS AP software image is password-protected, unless password protection has been explicitly disabled by the administrator. Serial console access would thus provide access only to the boot ROM configuration, not to an AP that has already booted and is running ArubaOS. Gaining access to the boot ROM configuration would require rebooting the access point, typically necessitating physical access to the AP or passively waiting for an AP reboot to occur.

Severity: HIGH
CVSSv3 Overall Score: 7.1
CVSS Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

Resolution
==========
Upgrade to one of the following software releases. Note that at the time of initial publication, only ArubaOS 6.5.4.9 has been released. Aruba typically prefers to issue security advisories only after updates are made available for all supported branches. Unfortunately, Aruba became aware that news of this vulnerability had been prematurely leaked by one of the other parties involved, which has necessitated early disclosure.

This vulnerability is resolved in the following software releases:

- ArubaOS 6.4.4.20
- ArubaOS 6.5.3.9
- ArubaOS 6.5.4.9
- ArubaOS 8.2.2.2
- ArubaOS 8.3.0.4

After installing updated software, over-the-air firmware updates for the BLE radio will only be possible after the following ArubaOS CLI command has been issued:

    ap ble-init-action ap-name <ap-name> ota-fw-upgrade enable

If this command is not issued, over-the-air firmware updates remain disabled.

Workaround
==========
Disabling the BLE radio will mitigate the vulnerability. In ArubaOS, this is done through the AP system profile:

    # conf t
    (config) # ap system-profile <profile-name>
    # ble mode disabled

In Aruba Instant, use the following command:

    # ble mode disabled

Exploitation and Public Discussion
==================================
Aruba is aware that, at the time of publication, this information has had limited distribution. The information was originally scheduled to be made public on 2018-11-01, so the issue is expected to become more widely known on or before that date.

Discovery
=========
This vulnerability was discovered and reported by Armis.

Revision History
================
Revision 1 / 2018-10-18 / Initial release
Revision 2 / 2018-10-31 / Updated to include AP-203R/203RP

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba Networks products, and on obtaining assistance with security incidents, is available at: //www.nexbus-cng.com/support-services/security-bulletins/

To report a *new* Aruba Networks security issue, email may be sent to aruba-sirt(at)hpe.com. For sensitive information, we encourage the use of PGP encryption. Our public keys can be found at: //www.nexbus-cng.com/support-services/security-bulletins/

(c) Copyright 2018 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of this text, as long as redistributed copies are complete and unmodified, including all date and version information.
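As an added example that is not part of the advisory, the following Python checker maps a running ArubaOS version to the fixed release named in the Resolution section above and reports whether the AP is at or past it. The branch table holds only the releases the advisory names; it assumes each fixed release covers every version sharing its prefix (8.2.2.2 for ArubaOS 8 below 8.3, 8.3.0.4 for 8.3), and versions outside those branches are reported as "unlisted" rather than guessed.

```python
import re

# Fixed releases from the advisory's Resolution section, keyed by the
# version prefix (branch) they apply to. Assumed mapping: the most
# specific prefix wins, so 8.3.x maps to 8.3.0.4, other 8.x to 8.2.2.2.
FIXED_RELEASES = {
    "6.4.4": "6.4.4.20",
    "6.5.3": "6.5.3.9",
    "6.5.4": "6.5.4.9",
    "8": "8.2.2.2",
    "8.3": "8.3.0.4",
}


def parse_version(text):
    """Return the numeric components of a version string such as '6.5.4.9'.
    Trailing suffixes (e.g. '-FIPS') are ignored; non-numeric input raises."""
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not an ArubaOS version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def fixed_release_for(version):
    """Pick the fixed release for the longest branch prefix matching 'version'.
    Returns None when the version is on a branch the advisory does not list."""
    best = None
    for branch, fixed in FIXED_RELEASES.items():
        prefix = parse_version(branch)
        if version[: len(prefix)] != prefix:
            continue
        if best is None or len(prefix) > len(best[0]):
            best = (prefix, parse_version(fixed))
    return None if best is None else best[1]


def assess(text):
    """Classify a running ArubaOS version as 'fixed', 'vulnerable' or 'unlisted'."""
    version = parse_version(text)
    fixed = fixed_release_for(version)
    if fixed is None:
        return "unlisted"
    # Pad short versions with zeros so that '8.3' compares as 8.3.0.0.
    padded = version + (0,) * (len(fixed) - len(version))
    return "fixed" if padded >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for ver in ("6.5.4.9", "6.5.4.8", "8.3.0.1", "8.2.2.2", "6.5.1.5"):
        print(f"{ver:10} -> {assess(ver)}")
```

A "fixed" result only means the CPU-side software carries the fix; BLE over-the-air updates stay disabled until the ble-init-action command above is issued, and disabling the BLE radio remains the mitigation on unlisted or unpatched branches.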