Cisco Support Community

New Member

WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

We have some SSIDs broadcast using WPA2 authentication and have "Fast Transition" configured.

Recently the KRACK Attack vulnerability was released. Does this security vulnerability have a patch already?

TIA

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

Re: WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

Software fix for the KRACK vulnerability is now available for download.  They are 8.0.152.0, 8.2.164.0, 8.3.132.0 and 8.5.105.0.

12 REPLIES
Hall of Fame Super Gold

Re: WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

Cisco will be releasing a fix very soon.

Remember that this vulnerability affects not just the APs but any wireless client with a wireless NIC.  So patching the APs won't fix the issue as the wireless client(s) needs to be patched as well.

New Member

Re: WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

I was under the impression that if one side was fixed (either client or AP infrastructure) then the vulnerability could not be exploited.
Cisco Employee

Re: WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

Hi Mate,

If you have a WLAN with FT (802.11r) enabled, please follow the workaround provided in this Cisco security advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa#workarounds. Please subscribe to notifications of this document for the latest news and fixes.

Disabling FT (802.11r) on the AP/WLC side is an effective workaround to the AP side vulnerability, and the client-side vulnerabilities will need to be addressed on the client side.

Regards,

Divya

Hall of Fame Super Gold

Re: WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

[Attached image: KRACK.png]

Here is the schedule of software fix release dates.


Silver

Re: WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

Cisco just updated their advisory: their previously released patch is not 100% OK, and they will release another updated version.
New Member

Re: WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

Yes. Most of the patches were released on 10/21.

Steve Saeger
Director, Network/Telecom
Mercy


New Member

Re: WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

Thanks Steve.
Hall of Fame Super Gold

Re: WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

A quick update to anyone reading this thread and intending to upgrade to 8.3.132.0:
Cisco TAC has recommended that everyone HOLD OFF upgrading to 8.3.132.0. TAC has identified a Severity 1 bug which causes the controller to crash after upgrading to 8.3.132.0.
There are no reported issues in regards to other versions.
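
Added example (not part of any post in this thread, and not Cisco code): a Python triage script that reads the `Product Version` line from each controller's `show sysinfo` output, compares it with the KRACK fix releases quoted in this thread, and flags the 8.3.132.0 hold-off. The hostnames, the `show sysinfo` excerpts and the state names are constructed for this example.

```python
import re

# KRACK fix releases named in this thread, keyed by release train (major, minor).
KRACK_FIXED = {
    (8, 0): (8, 0, 152, 0),
    (8, 2): (8, 2, 164, 0),
    (8, 3): (8, 3, 132, 0),
    (8, 5): (8, 5, 105, 0),
}
# Release the thread says TAC advised holding off on (controller crash bug).
HOLD_OFF = {(8, 3, 132, 0)}

VERSION_RE = re.compile(r"Product Version\.*\s*(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(sysinfo_text):
    """Return the 4-part version from `show sysinfo` text, or None if absent."""
    match = VERSION_RE.search(sysinfo_text)
    return tuple(int(part) for part in match.groups()) if match else None


def krack_status(version):
    """Return (state, fixed_release) for one controller version tuple."""
    fixed = KRACK_FIXED.get(version[:2]) if version else None
    if fixed is None:
        return ("unknown", None)  # unparsed, or train not covered by the thread
    target = ".".join(str(part) for part in fixed)
    if version >= fixed:
        state = "patched-hold-off" if version in HOLD_OFF else "patched"
    else:
        state = "unpatched-hold-off" if fixed in HOLD_OFF else "unpatched"
    return (state, target)


def triage(inventory):
    """Map each hostname to its krack_status() result."""
    return {host: krack_status(parse_version(text)) for host, text in inventory.items()}


# Constructed inventory: hostname -> excerpt of `show sysinfo` output.
SAMPLE_INVENTORY = {
    "wlc-a": "Product Version.................................. 8.0.140.0\n",
    "wlc-b": "Product Version.................................. 8.3.112.0\n",
    "wlc-c": "Product Version.................................. 8.5.105.0\n",
    "wlc-d": "Product Version.................................. 8.4.100.0\n",
}

if __name__ == "__main__":
    for host, (state, target) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {state} (fix release: {target})")
```

A `patched` result covers only the AP/WLC side; as the replies above note, wireless clients still need their own fixes.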

New Member

Re: WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

Hi Leo,

Thanks for the heads-up, we'll postpone our scheduled upgrade then and wait for the stable update.

-
Cheers,
Mon
Silver

Re: WLC 5520 KRACK Attack WPA2 Vulnerability (Fast Transition configured)

FYI, Cisco just informed about 4 new security issues which can cause DoS with reload (but no remote code execution).
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2
All those new issues are fixed in the following releases:
Prior to 8.0 Not vulnerable
8.0.152.0
8.2.164.0
8.2.164.0
8.3.132.0
8.4.100.0
8.5.110.0 (future release)