Cisco Support Community

New Member

CSCvf47808 - Key Reinstallation attacks against WPA protocol - 10

I have some AIR-CAP3702I-A-K9 APs controlled by a 2500 series WLC running 7.6.120.0.

Am I affected by this vulnerability? If yes, what is the fix release?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 10

Yes, your APs would be affected if and only if you have 802.11r (FT) enabled on your WLAN(s). The fix is in 8.3.130.0/8.3.131.0 (the latter also fixes the problem on AP-COS APs). We will soon be releasing fixed versions of 8.0, 8.2 and 8.5 as well.

Aaron
4 REPLIES
Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 10

A quick update to anyone reading this thread and intending to upgrade to 8.3.132.0:
Cisco TAC has recommended that anyone HOLD OFF upgrading to 8.3.132.0. TAC has identified a Severity 1 bug which causes the controller to crash after upgrading to 8.3.132.0.
There are no reported issues with regard to other versions.
Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 10

Just a reminder that this vulnerability affects anything with a wireless NIC. It's not just wireless APs but also wireless clients as well. Patching the client will fix 9 out of 10 vulnerabilities but not CVE-2017-13082. (CVE-2017-13082 will be patched on the AP side.)

Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 10

Software fixes for the KRACK vulnerability are now available for download. They are 8.0.152.0, 8.2.164.0, 8.3.132.0 and 8.5.105.0.