SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Device (Router/Bridge/Hub)  >   Cisco Aironet Vendors:   Cisco
Cisco Aironet WPA2 Protocol Key Reinstallation Attack Lets Remote Users Modify Data on the Target Wireless Network
SecurityTracker Alert ID:  1039570
SecurityTracker URL:  http://securitytracker.com/id/1039570
CVE Reference:   CVE-2017-13082   (Links to External Site)
Updated:  Oct 20 2017
Original Entry Date:  Oct 16 2017
Impact:   Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in Cisco Aironet. A remote user on the wireless network can modify data on the wireless network.

A remote user within range of the wireless network can record and replay retransmissions of part of the 802.11i 4-way handshake of the WPA and WPA2 protocols to force a reinstallation of certain keys.

A remote user on the wireless network can retransmit the Fast BSS Transition (FT) Reassociation Request and reinstall a previously used pairwise encryption key (PTK-TK) [CVE-2017-13082].

The vendor has assigned Bug ID CSCvg10793 to this vulnerability for Cisco Aironet Access Points.

The vendor has assigned Bug ID CSCvf47808 to this vulnerability for Cisco Aironet Access Points running Cisco IOS.

The following models are affected:

Cisco Aironet 1560 Series Access Points
Cisco Aironet 1810 Series OfficeExtend Access Points
Cisco Aironet 1810w Series Access Points
Cisco Aironet 1815 Series Access Points
Cisco Aironet 1830 Series Access Points
Cisco Aironet 1850 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco Aironet Access Points running Cisco IOS

Models 1570, 1700, 2700, and 3700 are not affected via 5Ghz connections.

This vulnerability is one of a set of vulnerabilities referred to as KRACK (Key Reinstallation AttaCK).

The original advisory is available at:

https://papers.mathyvanhoef.com/ccs2017.pdf

Additional information is available at:

https://www.krackattacks.com/

[Editor's note: The vulnerability resides in the WPA and WPA2 protocol specification and is not due to incorrect vendor implementation of the standards.]

Mathy Vanhoef and Frank Piessens from Katholieke Universiteit Leuven reported this vulnerability.

Impact:   A remote user on the wireless network can modify data on the wireless network.
Solution:   [Editor's note: On October 16, 2017, the vendor issued a fix for Aironet Access Points running IOS. On October 20, 2017, the vendor updated their advisory to indicate that the fix for CVE-2017-13082 for Cisco Access Points running IOS was not complete. No updated fix is available at the time. See bug ID CSCvf47808.]

A fix is available for Aironet Access Point series models 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 (8.3.130.6, 8.3.131.0). See bug ID CSCvg10793.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa (Links to External Site)
Cause:   Access control error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC