Security Advisory – Multiple “BlueBorne” vulnerabilities on Huawei Products

There are multiple vulnerabilities of the BlueTooth Network in some Huawei products. These vulnerabilities are as follows:

1.Remote Code Execution Vulnerability

This vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering). Due to a flaw in the BNEP service, successful exploit of this vulnerability could allow an attacker to remotely execute arbitrary code on affected devices. (Vulnerability ID: HWPSIRT-2017-09131)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0781.

2. Remote Code Execution vulnerability

This vulnerability is similar to the previous one, but resides in a higher level of the BNEP service – the Personal Area Networking (PAN) profile – which is responsible for establishing an IP based network connection between two devices. Similar to the previous vulnerability, successful exploit of this vulnerability could allow an attacker to remotely execute arbitrary code on affected devices. (Vulnerability ID: HWPSIRT-2017-09132)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0782.

3. The Bluetooth Pineapple – Man in The Middle attack

This vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim’s device, re-configure IP routing and force the device to transmit all communication through the malicious network interface. This vulnerability could allow an attacker to launch man-in-the-middle (MITM) attacks. (Vulnerability ID: HWPSIRT-2017-09133)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0783.

4. Information Leak Vulnerability

The vulnerability was found in the SDP (Service Discovery Protocol) server, which enables the device to identify other Bluetooth services around it. The flaw allows the attacker to send a set of crafted requests to the server, causing it to disclose memory bits in response. These pieces of information can later be used by the attacker to overcome advanced security measures and take control over the device. (Vulnerability ID: HWPSIRT-2017-09134)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0785.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-blueborne-en