0 Replies Latest reply on Nov 19, 2015 10:44 AM by evanh

    vWLAN 2.5.1/2.6.1 Critical Security Patch for BSAP Impersonation Vulnerability

    evanh Employee

      Critical Security Vulnerability Summary

       

      A security vulnerability has been identified with the ADTRAN Bluesocket vWLAN and Access Point products that could potentially allow a remote attacker to impersonate a Bluesocket Access Point, upload an arbitrary script to the Bluesocket vWLAN, and remotely execute that arbitrary script. This affects all vWLAN versions.

       

      Detailed Information

       

                  All information on this vulnerability can be found at BSAP Impersonation Security Advisory (ADTSA-BS1001).pdf

      Note: ProCloud customers are not at risk due to this vulnerability. All Cloud based controllers and ADTRAN service offerings are secure.

       

      Action Required

       

      ADTRAN recommends applying the software versions, fixes and other recommendations identified in the security advisory as soon as possible. Below is the link to the software and release notes. If you need further assistance, it can be obtained with an active service plan by opening a technical support case at https://www.adtran.com/openacase. Application of the patch is not service affecting and does not require a reboot.


      Link to Security Patch

       

                  Note: If you are on a version prior to 2.5.1 or 2.6.1, you must upgrade to version 2.5.1 or 2.6.1 and then apply the security patch to resolve the issue. You can upgrade your vWLAN by using the Upgrading BlueSocket vWLAN Controllers and Access Points document.