—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II

Advisory ID: cisco-sa-20171016-wpa

Revision: 1.0

For Public Release: 2017 October 16 14:00 GMT

Last Updated: 2017 October 16 14:00 GMT

CVE ID(s): CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

CVSS Score v(3): 4.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

+———————————————————————

Summary
=======
On October 16th, 2017, a research paper with the title of “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.

Multiple Cisco wireless products are affected by these vulnerabilities.

Cisco will release software updates that address these vulnerabilities. There is a workaround that addresses the vulnerability in CVE-2017-13082. There are no workarounds that address the other vulnerabilities described in this advisory.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZ5L6vZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlMKBAA4YxQgqu7v4s/r005
kbrbn/be+ZWb4Oec837AyIM74et74n33QM5G/kSgnsnIzVu7T4ErBz7okrMIkji2
fXiI3qT7c9kzJ12ZXMpV9SMsnQCN1fBFbtJcN6gmth2FoAo84aWX/X339/f7tnTf
0Vjuji3zgDxvMKJJVSB3L1hpe0Vo7tOSRV/2MFpLBitbL9znJVtd00J7efeUF6Qk
72ZnowEjwPwWVfc78cGmO+vEhQbu6H2BmHHU2RQ7t+KS+ORKXrgcRBAnSsgkNtll
Y9IntzX9CJErMsWNTCPk4xnhAETAIl366J7AOBCeqbTtWQ92C5Df7UtYXiSdOAzW
JOwsLV4kWL3k3W5MWcgHra6zJY3duo+/EixzYb+7XJGfIgsXedw6yziHtZ42uc6a
7HoI8EpC8ZCs07SXKijZ0t0//e4Vplvqu0nMEtBVpqQ76PHBy0ckGkVqvqNjaf+a
98xNvQKmkx13i89r3GMSFYDgh0jKOvxn0ZgNosglqDS12n9N/UfVTbtgBdAEAmwv
aXXdTbtIYGy2CmvDHMNlqMapWfp8B9NBZHJ/ow65qM++AnACNYrv/gU6Kwjl+0Kv
N1yeyYjjNNbegVMXvvAWQN23GjQuTFqQwN7KzDwJDj+asmWer8z0xE0iMP5r84Xa
tXkAvwpO36FLWE+BgY6F7bBIChY=
=eFx1
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com