PT-2018-1870 · Aruba+1 · Aruba Access Point+1

Published: 2018-07-09 · Updated: 2020-08-24 · CVE-2018-7080

CVSS v2.0: 7.9 (High)

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Texas Instruments Bluetooth Low Energy versions (affected versions not specified)
Aruba access points (affected versions not specified)

Description

The issue is caused by a repeated memory release (double free) in the OAD mechanism of Texas Instruments Bluetooth Low Energy microcontroller firmware. An attacker could exploit this to gain full control over the device. For Aruba access points, the vulnerability exists in the firmware of the embedded BLE radios and, if the BLE radio is enabled, could allow an attacker to install malicious firmware and gain access to the console port.

Recommendations

For Texas Instruments Bluetooth Low Energy, there is currently no information about a newer version that contains a fix for this vulnerability. For Aruba access points, the BLE radio is disabled by default; if it has been enabled, consider disabling it to minimize the risk of exploitation.

Double Free


Weakness Enumeration

Related Identifiers

BDU:2018-01472
CVE-2018-7080

Affected Products

Aruba Access Point
Texas Instruments Bluetooth Low Energy