Cisco Support Community
Community Member

CSCvf47808 - Key Reinstallation attacks against WPA protocol - 10

I have some AIR-CAP3702I-A-K9 APs controlled by a 2500 series WLC running 7.6.120.0.

Am I affected by this vulnerability? If yes, what is the fix release?

1 ACCEPTED SOLUTION

Cisco Employee

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 10

Yes, your APs would be affected if and only if you have 802.11r (FT) enabled on your WLAN(s). The fix is in 8.3.130.0/8.3.131.0 (the latter also fixes the problem on AP-COS APs.) We will soon be releasing fixed versions of 8.0, 8.2 and 8.5 as well.

Aaron
4 REPLIES
Hall of Fame Super Blue

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 10

A quick update to anyone reading this thread and intending to upgrade to 8.3.132.0:
Cisco TAC has recommended that anyone HOLD OFF upgrading to 8.3.132.0. TAC has identified a Severity 1 bug which causes the controller to crash after upgrading to 8.3.132.0.
There are no reported issues in regards to other versions.
Hall of Fame Super Blue

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 10


Just a reminder that this vulnerability affects anything with a wireless NIC. It's not just wireless AP but also wireless clients as well. Patching the client will fix 9 out of 10 vulnerabilities but not CVE-2017-13082. (CVE-2017-13082 will be patched on the AP side.)

Hall of Fame Super Blue

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 10

Software fix for the KRACK vulnerability is now available for download. They are 8.0.152.0, 8.2.164.0, 8.3.132.0 and 8.5.105.0.