Cisco Support Community
Community Member

CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Are the 5500 series WLCs affected by this?

22 REPLIES

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Hi

This is affecting every Wi-Fi device (access points).
You will need to upgrade following Cisco's recommendation.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Community Member

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Hi, the version on my WLC is 8.0.133. Is this affected too?

I saw that the affected versions are from 8.0.15X

 

Thanks

Community Member

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Hi,
Fixed version will be 8.0.15X (expected to be available 19th Oct). All previous versions are affected.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa#fixed_software
Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1


roseauarea wrote:

Are the 5500 series WLCs affected by this?


Controllers, by themselves, are not affected.  The APs, however, are.  

This vulnerability affects anything with a wireless NIC.  It's not just wireless APs but wireless clients as well.  Patching the client will fix 9 out of 10 vulnerabilities but not CVE-2017-13082.

 

Perspective About the Recent WPA Vulnerabilities (KRACK Attacks)

Cisco Employee

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

WLCs themselves are not affected, please see the "Products Confirmed Not Vulnerable" section of the security advisory:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

 

and here:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg36917

 

However, any APs managed by the WLCs are affected and will need to be upgraded.

Community Member

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Hey,

 

We have Cisco AIR-AP1602 APs with a Cisco 2504 WLC.

Software Version is 8.2.161.0.

I think this is affected.

 

But what version should I download to fix this?

Has Cisco published a fixed version for my scenario?

Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

 

KRACK.png 

 

Community Member

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Does 47808 only apply if you have 802.11r enabled on your WLANs?  It seems like that particular bug is related to CVE-2017-13082: accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it. 

 

I think FT is fast transition which uses 802.11r protocol.  I am running 2600, 2700 and 3700 APs on 8.0.140 with FT disabled on all WLANs.

 

Let me know if I am interpreting this correctly.

 

Thanks,

Royce

Cisco Employee

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Yes, you are affected (the WLC is not, but the APs are).

 

For information on fixed software, please refer to the security advisory posted here:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

 

... and search for Cisco Aironet 1600 Series running Cisco IOS Software.

Community Member

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Okay thank you.

 

So I should upgrade to 8.3.130.0 now?

Are all the issues fixed in 8.3.130.0?

Cisco Employee

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Yes, that is correct.

 

The corresponding IOS release for standalone and embedded APs is 15.3(3)JD7.

Community Member

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Hi, I currently have a WLC 5508 running firmware version 8.0.140.0, supporting 2600s, 2700s and 3700s. The release shows that 8.3.130.0 would fix the WPA2 KRACK.

I wish to check: would there be any issue upgrading directly from 8.0.140.0 to 8.3.130.0?

Also, is the release 8.3.130.0 of 26 Sep 17 the bug fix version?

https://software.cisco.com/download/release.html?mdfid=282600534&softwareid=280926587&release=8.0.140.0&relind=AVAILABLE&rellifecycle=ED&reltype=latest

 

Thanks and regards

Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1


honwaihonwai wrote: 

Also, is the release 8.3.130.0 of 26 Sep 17 the bug fix version?


No, it is not.  I've posted the dates (above) when the fix will be out.

Cisco Employee

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Yes, the 8.3.130.0 release from 27 Sep 2017 does have the fix. There will be an 8.0 release with the fix as well, but I do not have a firm date for that yet.

 

Regarding upgrade from 8.0 to 8.3, I'm unable to answer that. You may want to consult the release notes and upgrade guides and/or confirm with your usual support provider.

Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1


florian.hanig1 wrote:

Okay thank you.

 

So I should upgrade to 8.3.130.0 now?

Are all the issues fixed in 8.3.130.0?


Hold off doing anything for a few days.  

There have been no known events where someone has managed to use this exploit.  

Community Member

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Hello,

 

I've seen that version 8.3.131.0 is now released.

But the link to the release notes goes to 8.3.130.

 

Is 8.3.131 also fixed for the WPA2 KRACK attack?

 

 

Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Yes, 8.3.131.0 is the fix for KRACK.

Community Member

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Okay thank you.

 

So with 8.3.131.0 I can re-enable FT on my WLC and I'm safe, right?

Or should I change any settings to be safe?

 

Thank you.

Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1


florian.hanig1 wrote:

So with 8.3.131.0 I can re-enable FT on my WLC and I'm safe, right?


Correct.  FT can be re-enabled.  Please see updated post below.

Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Kindly delay doing any upgrade to 8.3.130.0.  During their testing phase (after the release) they found some issues affecting non-Wave 2 APs.  They've found what the issue is and they're testing the new fix before releasing a new fix version on 23 October 2017.

I have updated my earlier post of the ETA of the fix to reflect the new development.  

Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1


florian.hanig1 wrote:

So I should upgrade to 8.3.130.0 now?

Are all the issues fixed in 8.3.130.0?


A quick update to anyone reading this thread and intending to upgrade to 8.3.132.0:
Cisco TAC has recommended that everyone HOLD OFF upgrading to 8.3.132.0. TAC has identified a Severity 1 bug which causes the controller to crash after upgrading to 8.3.132.0.
There are no reported issues in regards to other versions.

Hall of Fame Super Gold

Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 1

Software fixes for the KRACK vulnerability are now available for download. They are 8.0.152.0, 8.2.164.0, 8.3.132.0 and 8.5.105.0.