PSIRT Advisory

BlueBorne vulnerabilities and security flaws in Bluetooth stacks

Summary

A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been disclosed. These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in the worst case allow an unauthenticated attacker to execute unauthorized commands on the device.

The related CVEs are:

1. Linux Kernel Remote Denial of Service in Bluetooth subsystem - CVE-2017-1000251
2. Linux Bluetooth stack (BlueZ) Information Leak vulnerability - CVE-2017-1000250
3. Android Information Leak vulnerability - CVE-2017-0785
4. Android RCE vulnerability 1 - CVE-2017-0781
5. Android RCE vulnerability 2 - CVE-2017-0782
6. The Bluetooth Pineapple in Android - Logical Flaw - CVE-2017-0783
7. The Bluetooth Pineapple in Windows - Logical Flaw - CVE-2017-8628
8. Apple Low Energy Audio Protocol RCE vulnerability - CVE-2017-14315

Impact

Denial of Service (DoS), Remote Code Execution (RCE), Information Leak

Affected Products

The following Fortinet products are NOT affected:

FortiOS
FortiAP
FortiSwitch
FortiAnalyzer
FortiMail
FortiManager
FortiWeb
Meru AP