FortiAP Bleeding Bit Vulnerability
Summary
Some FortiAP models are vulnerable to the Bleeding Bit Vulnerability (CVE-2018-16986) present in the Texas Instruments WiFi chips.
CVE-2018-16986:
Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.
Affected Products
Only the following FortiAP models are impacted:
FortiAP-S: FAP_S221E and FAP_S223E
FortiAP-W2: FAP_221E (Gen2), FAP_222E and FAP_223E (Gen2)
Other FortiAP models (including FAP-U/FAP-W2/FAP-S series) are not impacted.
MeruAP models are not impacted
Solutions
Upgrade the impacted FortiAP-S/W2 models to 5.6.4 or 6.0.4
Workarounds
When the affected FortiAP-S/W2 models are managed by a FortiGate, enter the following CLI commands to disable the BLE scanning feature:
config wireless-controller ble-profile
edit [profile-name]
set ble-scanning disable (*disable is the default value)
next
end
Revision History
2019-04-10 Initial Version
2019-04-15 Corrected the FortiAP-W2 affected models.