Critical Security Vulnerability Summary
A security vulnerability has been identified with the ADTRAN Bluesocket vWLAN and Access Point products that could potentially allow a remote attacker to impersonate a Bluesocket Access Point, upload an arbitrary script to the Bluesocket vWLAN, and remotely execute that arbitrary script. This affects all vWLAN versions.
All information on this vulnerability can be found at BSAP Impersonation Security Advisory (ADTSA-BS1001).pdf
Note: ProCloud customers are not at risk due to this vulnerability. All Cloud based controllers and ADTRAN service offerings are secure.
ADTRAN recommends applying the software versions, fixes and other recommendations identified in the security advisory as soon as possible. Below is the link to the software and release notes. If you need further assistance, it can be obtained with an active service plan by opening a technical support case at https://www.adtran.com/openacase. Application of the patch is not service affecting and does not require a reboot.
Note: If you are on a version prior to 2.5.1 or 2.6.1, you must upgrade to version 2.5.1 or 2.6.1 and then apply the security patch to resolve the issue. You can upgrade your vWLAN by using the Upgrading BlueSocket vWLAN Controllers and Access Points document.