PSIRT Advisory

FortiAP Bleeding Bit Vulnerability

Summary

Some FortiAP models are vulnerable to the Bleeding Bit Vulnerability (CVE-2018-16986) present in the Texas Instruments WiFi chips.


CVE-2018-16986:

Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.

Impact

Execute unauthorized code or commands

Affected Products

Only the following FortiAP models are impacted:


FortiAP-S: FAP_S221E and FAP_S223E

FortiAP-W2: FAP_221E (Gen2), FAP_222E and FAP_223E (Gen2)


Other FortiAP models (including FAP-U/FAP-W2/FAP-S series) are not impacted.


MeruAP models are not impacted.

Solutions

Upgrade the impacted FortiAP-S/W2 models to 5.6.4 or 6.0.4.


Workarounds


When the affected FortiAP-S/W2 models are managed by a FortiGate, enter the following CLI commands to disable the BLE scanning feature:


    config wireless-controller ble-profile
        edit [profile-name]
            set ble-scanning disable
        next
    end

Note: disable is the default value of ble-scanning.
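As an added example (not part of the advisory or Fortinet's own tooling), the following Python code audits a FortiGate configuration backup for BLE profiles that have scanning turned on, so the workaround can be applied to exactly those profiles. The sample configuration and profile names are constructed, and `enable` is assumed to be the counterpart of the `disable` value shown above.

```python
# Constructed sample of a FortiGate configuration backup (not from the advisory).
SAMPLE_CONFIG = """\
config wireless-controller ble-profile
    edit "lobby-beacons"
        set ble-scanning enable
    next
    edit "warehouse"
        set comment "scanning left at default"
    next
    edit "office"
        set ble-scanning disable
    next
end
config wireless-controller vap
    edit "guest"
        set ssid "guest"
    next
end
"""

def ble_scanning_by_profile(config_text):
    """Return {profile_name: 'enable' | 'disable'} for every ble-profile entry."""
    profiles, in_section, depth, current = {}, False, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_section:
            # Only the ble-profile section is relevant; skip everything else.
            if line == "config wireless-controller ble-profile":
                in_section, depth = True, 1
            continue
        if line.startswith("config "):
            depth += 1                      # nested sub-table inside a profile
        elif line == "end":
            depth -= 1
            in_section = depth > 0          # section closed when depth hits 0
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            profiles[current] = "disable"   # default value per the advisory
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current and line.startswith("set ble-scanning "):
            profiles[current] = line.split()[2]
    return profiles

def profiles_needing_workaround(config_text):
    """Names of BLE profiles where scanning is explicitly enabled."""
    found = ble_scanning_by_profile(config_text)
    return sorted(name for name, state in found.items() if state == "enable")
```

Profiles that omit the `ble-scanning` line are reported as `disable`, matching the default stated in the advisory.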


Revision History


2019-04-10 Initial Version
2019-04-15 Corrected the FortiAP-W2 affected models.