Showing results for 
Show  only  | Search instead for 
Did you mean: 

ADTSA-2021003: Multiple Bluesocket vulnerabilities

ADTSA-2021003: Multiple Bluesocket vulnerabilities


Bluesocket release 3.7.1 addresses the following security vulnerabilities:

  • Dirty COW privilege escalation vulnerability
  • Shell access on vWLAN for ADTRAN debugging was available via SSH public key authentication using a preinstalled key. The preinstalled key has been removed. Shell access for ADTRAN debugging is now enabled by a customer installed patch that can be removed when debugging is complete.
  • SSH private keys used for debug access were included on the filesystem. These keys have been removed and are no longer used for access.


Affected Products

Product Family Severity Notes
Bluesocket High  

Mitigating Factors & Recommended Actions

Product Family Mitigating Factors Recommended Actions
Bluesocket SSH access to the vWLAN server and APs is required for exploitation. Apply firewall rules in the network to prevent unnecessary access to the vWLAN server and APs. A list of ports used by Bluesocket and the purpose for each is available in Required Ports and Protocols for vWLAN Operation.


Product Family Resolution
Bluesocket Upgrade to Bluesocket 3.7.1.


ADTRAN would like to thank Velocity for reporting these vulnerabilities.

Revision History

Revision Date Changes
A 2021-08-03 Initial release.
Version history
Revision #:
9 of 9
Last update:
‎08-03-2021 01:14 PM
Updated by: