ADTSA-2021003: Multiple Bluesocket vulnerabilities

Description


Bluesocket release 3.7.1 addresses the following security vulnerabilities:

  • Dirty COW privilege escalation vulnerability
  • Shell access on vWLAN for ADTRAN debugging was available via SSH public key authentication using a preinstalled key. The preinstalled key has been removed. Shell access for ADTRAN debugging is now enabled by a customer-installed patch that can be removed when debugging is complete.
  • SSH private keys used for debug access were included on the filesystem. These keys have been removed and are no longer used for access.
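
To check a mounted appliance image or other Linux filesystem tree for the two SSH issues listed above (a preinstalled authorized key and private keys left on disk), the following added example, which is not ADTRAN code, fingerprints every authorized_keys entry against an approved set and flags files that contain a PEM private key header. The function names, the approved set and the sample tree are assumptions constructed for illustration; the advisory does not give the key locations on vWLAN.

```python
import base64, hashlib, os, re, tempfile

PRIVATE_KEY_RE = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key type names

def fingerprint(line):
    """SHA256 fingerprint (as printed by ssh-keygen -l) of one authorized_keys line, or None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):  # leading options such as from="..." are skipped
        if field.startswith(KEY_TYPES):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue
            return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return None

def audit(root, approved):
    """Walk a tree; return (unapproved authorized_keys entries, files holding private keys)."""
    unapproved, private = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):
                continue  # skip FIFOs, sockets and dangling symlinks
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # the PEM header sits at the start of a key file
            except OSError:
                continue
            if PRIVATE_KEY_RE.search(data):
                private.append(path)
            if name.startswith("authorized_keys"):
                for line in data.decode("utf-8", "replace").splitlines():
                    fp = None if line.lstrip().startswith("#") else fingerprint(line)
                    if fp and fp not in approved:
                        unapproved.append((path, fp))
    return unapproved, private

def demo():
    """Audit a constructed tree (placeholder blobs, no real keys); only the admin key is approved."""
    good, debug = (base64.b64encode(t).decode() for t in (b"constructed-admin-key", b"constructed-debug-key"))
    root = tempfile.mkdtemp()
    ssh_dir = os.path.join(root, "root", ".ssh")
    os.makedirs(ssh_dir)
    with open(os.path.join(ssh_dir, "authorized_keys"), "w") as fh:
        fh.write(f'ssh-ed25519 {good} admin@example\nfrom="10.0.0.0/8" ssh-rsa {debug} debug@example\n')
    with open(os.path.join(ssh_dir, "id_rsa"), "w") as fh:
        fh.write("-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed placeholder)\n")
    return audit(root, {fingerprint("ssh-ed25519 " + good)})
```

Any fingerprint reported as unapproved can be compared with the output of `ssh-keygen -lf` on the public keys you issued yourself.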

CVE IDs



Affected Products


| Product Family | Severity | Notes |
|---|---|---|
| Bluesocket | High | |

Mitigating Factors & Recommended Actions


| Product Family | Mitigating Factors | Recommended Actions |
|---|---|---|
| Bluesocket | SSH access to the vWLAN server and APs is required for exploitation. | Apply firewall rules in the network to prevent unnecessary access to the vWLAN server and APs. A list of ports used by Bluesocket and the purpose for each is available in Required Ports and Protocols for vWLAN Operation. |

Resolution


| Product Family | Resolution |
|---|---|
| Bluesocket | Upgrade to Bluesocket 3.7.1. |

Acknowledgements


ADTRAN would like to thank Velocity for reporting these vulnerabilities.

Revision History


| Revision | Date | Changes |
|---|---|---|
| A | 2021-08-03 | Initial release. |

Last update: 08-03-2021 11:14 AM