PSIRT

FortiAP Bleeding Bit Vulnerability

Summary

Some FortiAP models are vulnerable to the Bleeding Bit Vulnerability (CVE-2018-16986) present in the Texas Instruments WiFi chips.

CVE-2018-16986:

Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.

Affected Products

Only the following FortiAP models are impacted:

FortiAP-S: FAP_S221E and FAP_S223E

FortiAP-W2: FAP_221E (Gen2), FAP_222E and FAP_223E (Gen2)

Other FortiAP models (including FAP-U/FAP-W2/FAP-S series) are not impacted.

MeruAP models are not impacted

Solutions

Upgrade the impacted FortiAP-S/W2 models to 5.6.4 or 6.0.4

Workarounds

When the affected FortiAP-S/W2 models are managed by a FortiGate, enter the following CLI commands to disable the BLE scanning feature:

config wireless-controller ble-profile
edit [profile-name]
set ble-scanning disable (*disable is the default value)
next
end

Revision History

2019-04-10 Initial Version
2019-04-15 Corrected the FortiAP-W2 affected models.

References

https://armis.com/bleedingbit/

IR Number	FG-IR-18-356
Date	Apr 10, 2019
Severity	Medium
CVSSv3 Score	5.2
Impact	Execute unauthorized code or commands
CVE ID	CVE-2018-16986
CVRF	Download

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

PSIRT

FortiAP Bleeding Bit Vulnerability

Summary

Affected Products

Solutions

References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

PSIRT

FortiAP Bleeding Bit Vulnerability

Summary

Affected Products

Solutions

References

Threat Intelligence
Center