Description
Bluesocket release 3.7.1 addresses the following security vulnerabilities:
- Dirty COW privilege escalation vulnerability
- Shell access on vWLAN for ADTRAN debugging was available via SSH public key authentication using a preinstalled key. The preinstalled key has been removed. Shell access for ADTRAN debugging is now enabled by a customer installed patch that can be removed when debugging is complete.
- SSH private keys used for debug access were included on the filesystem. These keys have been removed and are no longer used for access.
CVE IDs
Affected Products
| Product Family |
Severity |
Notes |
| Bluesocket |
High |
|
Mitigating Factors & Recommended Actions
| Product Family |
Mitigating Factors |
Recommended Actions |
| Bluesocket |
SSH access to the vWLAN server and APs is required for exploitation. |
Apply firewall rules in the network to prevent unnecessary access to the vWLAN server and APs. A list of ports used by Bluesocket and the purpose for each is available in Required Ports and Protocols for vWLAN Operation. |
Resolution
| Product Family |
Resolution |
| Bluesocket |
Upgrade to Bluesocket 3.7.1. |
Acknowledgements
ADTRAN would like to thank Velocity for reporting these vulnerabilities.
Revision History
| Revision |
Date |
Changes |
| A |
2021-08-03 |
Initial release. |
