Bleeding Bit Vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-18-356 Final 1 1 2019-04-10T00:00:00 Current version 2019-04-10T00:00:00 2019-04-10T00:00:00 Some FortiAP models are vulnerable to the Bleeding Bit Vulnerability (CVE-2018-16986) present in the Texas Instruments WiFi chips.CVE-2018-16986:Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. Execute unauthorized code or commands Only the following FortiAP models are impacted:FortiAP-S: FAP_S221E and FAP_S223EFortiAP-W2: FAP_221E (Gen2), FAP_222E and FAP_223E (Gen2)Other FortiAP models (including FAP-U/FAP-W2/FAP-S series) are not impacted.MeruAP models are not impacted Upgrade the impacted FortiAP-S/W2 models to 5.6.4 or 6.0.4Workarounds:When the affected FortiAP-S/W2 models are managed by a FortiGate, enter the following CLI commands to disable the BLE scanning feature:config wireless-controller ble-profileedit [profile-name]set ble-scanning disable (*disable is the default value)nextendRevision History:2019-04-10 Initial Version2019-04-15 Corrected the FortiAP-W2 affected models. https://fortiguard.fortinet.com/psirt/FG-IR-18-356 Bleeding Bit Vulnerability https://armis.com/bleedingbit/ https://armis.com/bleedingbit/ CVE-2018-16986 5.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-18-356 Bleeding Bit Vulnerability Reference> https://armis.com/bleedingbit/ https://armis.com/bleedingbit/