Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

Hi,

 

So I see that the WLC hardware itself is not affected, but the AP's are (I have tons of affected lightweights in my network)

 

I see that the 8.3.130 software is available for the 5508 controller, looks like it was released end September. The same goes for the 5520 controller.


This is the updates to go for related to this bug ?  For both the 5520 and the 5508..... right ? :)

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

I was not given the date of the fix release. All I was told is "fix is coming very soon".
12 REPLIES
Hall of Fame Super Gold

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

Fixed firmware release soon (think end of the week).

Everyone's tags (3)
New Member

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

So the 8.3.130 I listed there don't cut it ?
Hall of Fame Super Gold

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's


Heffalompen666 wrote:
So the 8.3.130 I listed there don't cut it ?

Nope.

Remember, the problem is not just at the AP-end.  Both APs and wireless clients need to be patched.  Patching the client will only fix 9 out of 10 vulnerabilities.  

New Member

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

Okay. ? :)

So the bug lists that access points have to go to 8.3.130. Of course this will have to trigger a upgrade of my WLC. But you are saying that this is not the right software to put on the wlc. ?
Hall of Fame Super Gold

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

Right now, there are some confusion about 8.3.130.0.  For one, it was released on September 2017 but why, in the Security Advisory, does it state a release date 16 October 2017? 

To err on the side of caution:  I'm going to state that I'd rather wait for the fix release (soon).  

New Member

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

I am totally on board with you on that. Have there been any official information from Cisco that there is work being done on a fix ? (where do you have this info from ? )
Hall of Fame Super Gold

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

I was not given the date of the fix release. All I was told is "fix is coming very soon".
New Member

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

Thanx, then we'll hang back for some days and see what the Cisco dudes come up with. :)
Hall of Fame Super Gold

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

KRACK.png

 

 

Highlighted
Hall of Fame Super Gold

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

Kindly delay with doing any upgrade to 8.3.131.0. During their testing phase (after the release) they found some issues affecting non-Wave 2 APs. They've found what the issue is and they're testing the new fix before releasing the fix version on 23 October 2017.
I have updated my earlier post of the ETA of the fix to reflect the new development.

Hall of Fame Super Gold

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's


Heffalompen666 wrote:
Thanx, then we'll hang back for some days and see what the Cisco dudes come up with. :)

A quick update to anyone reading this thread and intending to upgrade to 8.3.132.0:
Cisco TAC has recommended anyone to HOLD OFF upgrading to 8.3.132.0. TAC has identified a Severity 1 bug which causes the controller to crash after upgrading to 8.3.132.0.
There are no reported issues in regards to other versions.

Hall of Fame Super Gold

Re: CSCvf96814 - attacks against WPA protocol. WLC, lightweight ap's

Software fix for the KRACK vulnerability is now available for download. They are 8.0.152.0, 8.2.164.0, 8.3.132.0 and 8.5.105.0.
729
Views
15
Helpful
12
Replies
CreatePlease login to create content