Security Alert

Aruba BLE Radio Firmware Vulnerability
AA Technical Bulletin 171027-01


A recently discovered vulnerability in the Aruba BLE radio firmware could allow an attacker to install new, potentially malicious firmware on the AP's BLE radio and then gain access to the AP's console port.

Products affected:
- AP-3xx and IAP-3xx series access points
- AP-203R
- AP-203RP
- ArubaOS 6.4.4.x prior to 6.4.4.20
- ArubaOS 6.5.3.x prior to 6.5.3.9
- ArubaOS 6.5.4.x prior to 6.5.4.9
- ArubaOS 8.x prior to 8.2.2.2
- ArubaOS 8.3.x prior to 8.3.0.4

The AP207 is not affected, as it contains a different BLE implementation. Other Aruba AP models not listed here do not contain a BLE radio and are not affected.

This vulnerability applies only if the BLE radio has been enabled; the radio is disabled by default.

The threat is resolved in the following software releases:
- ArubaOS 6.4.4.20
- ArubaOS 6.5.3.9
- ArubaOS 6.5.4.9
- ArubaOS 8.2.2.2
- ArubaOS 8.3.0.4
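
The model list, the version ranges and the BLE-enabled condition above can be combined into an inventory triage check. The Python below is an added example, not part of the Aruba bulletin; the spelling of the model strings, the status labels and the sample inventory are assumptions constructed for illustration.

```python
import re

# First fixed release per branch, from the bulletin; most specific prefix first
# so 8.3.x is matched before the broader "8.x prior to 8.2.2.2" entry.
FIXED = [
    ((6, 4, 4), (6, 4, 4, 20)),
    ((6, 5, 3), (6, 5, 3, 9)),
    ((6, 5, 4), (6, 5, 4, 9)),
    ((8, 3), (8, 3, 0, 4)),
    ((8,), (8, 2, 2, 2)),
]
# Assumed inventory spelling: "AP-305", "IAP-315", "AP-203R", "AP-203RP".
MODEL_RE = re.compile(r"^(I?AP-3\d\d[A-Z]*|AP-203RP?)$")


def parse_version(text):
    """Return the leading dotted-numeric part of a version as a tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group().split("."))


def triage(model, version, ble_enabled):
    """Classify one AP against the bulletin's model and version lists."""
    if not MODEL_RE.match(model.strip().upper()):
        return "model-not-listed"
    v = parse_version(version)
    for branch, fixed in FIXED:
        if v[:len(branch)] == branch:
            if v >= fixed:
                return "fixed"
            # Vulnerable build: exposure depends on the BLE radio setting.
            return "exposed" if ble_enabled else "upgrade-ble-disabled"
    return "branch-not-listed"  # the bulletin gives no verdict for this branch


# Constructed sample inventory: (model, ArubaOS version, BLE radio enabled).
SAMPLE = [
    ("AP-305", "6.5.4.8", True),
    ("IAP-315", "8.3.0.4", True),
    ("AP-203R", "8.2.1.0", False),
    ("AP-207", "6.5.4.2", True),
    ("AP-335", "6.5.1.4", True),
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(*row, "->", triage(*row))
```

A result of "branch-not-listed" means the bulletin does not name that release branch, so the full Aruba advisory should be consulted for it.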

If you suspect you have been affected, or you need assistance in updating your hardware, please contact us at support@aeroaccess.de. Our experts will make sure the threat is either prevented or mitigated and contained.

For more information, read the complete Security Bulletin from the Aruba Networks website:

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-006.txt

