Aruba BLE Radio Firmware Vulnerability
AA Technical Bulletin 171027-01
There's a recently discovered vulnerability regarding the Aruba BLE Radio Firmware where an attacker could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port.
- AP-3xx and IAP-3xx series access points
- ArubaOS 6.4.4.x prior to 18.104.22.168
- ArubaOS 6.5.3.x prior to 22.214.171.124
- ArubaOS 6.5.4.x prior to 126.96.36.199
- ArubaOS 8.x prior to 188.8.131.52
- ArubaOS 8.3.x prior to 184.108.40.206
The AP207 is not affected, as it contains a different BLE implementation.
Other Aruba AP models not listed here do not contain a BLE radio and are not
This vulnerability is applicable only if the BLE radio has been enabled, which comes disabled by default.
The threat is resolved in the following software releases:
- ArubaOS 220.127.116.11
- ArubaOS 18.104.22.168
- ArubaOS 22.214.171.124
- ArubaOS 126.96.36.199
- ArubaOS 188.8.131.52
If you suspect you have been affected, or you need assistance in updating your hardware, please contact us at firstname.lastname@example.org. Our experts will make sure the threat is either prevented or mitigated and contained.
For more information, read the complete Security Bulletin from the Aruba Networks website: