—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II

Advisory ID: cisco-sa-20171016-wpa

Revision: 2.0

For Public Release: 2017 October 16 14:00 GMT

Last Updated: 2017 October 20 20:39 GMT

CVE ID(s): CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

CVSS Score v(3): 4.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

+———————————————————————

Summary
=======
On October 16th, 2017, a research paper with the title of “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.

Among these ten vulnerabilities, only one (CVE-2017-13082) may affect components of the wireless infrastructure (for example, Access Points), the other nine vulnerabilities affect only client devices.

Multiple Cisco wireless products are affected by these vulnerabilities.

Cisco will release software updates that address these vulnerabilities. There is a workaround that addresses the vulnerability in CVE-2017-13082. There are no workarounds that address the other vulnerabilities described in this advisory.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa”]

NOTE: Additional testing performed on October 20th, 2017 resulted in the discovery that the software fixes for CVE-2017-13082 on Cisco Access Points running Cisco IOS Software may not provide complete protection. Cisco is working on new, complete fixes for these devices. See the Fixed Software [“#fixed_software”] section of this advisory for additional information on fix availability and applicability to your specific deployment scenario.

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZ6l/FZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnLQw/8DjvX+Zt/YH8nvmNc
eLliUKh40Ihs/P2tRR9LFR1tY0QQlxOyctY/QCYKYeV2RPPYO/Zg6YzNdkk/7Zxs
H5PYMMyAWRRhaw+jZRssXHMTUZWJ+w+nJsLKylBEnKYEn2BvnztkGm/znIsiNT/Q
uDMb/17i9J+LAMzKoXDDMQbkM1Kb63nEh59GvgCd+8fGQ3bXPFgMrg9wzDHI0Krh
bqkUAjjTvw+8M2C7KGvWAyQ/i6cSjsjuyhi9w2GsAzPBtYWm9cG5qUZQrkpqkSoQ
eSB+FZJcUaEiHTqtBxZ1xW5teGTs1diljXGBo+jEh5eYGXwdH6DepWyFuDhwe3Bh
2qbb5ojY+AVc46MqN30jCMr3hbaIWffKMS4amNfEW3mozAsa57CTOebhGzBQJyAI
xCpCJGwMi5rJuPCYyqbe5hfDWqZy4JY1CLykEz7fVHIrLX6+P4Xo5aVRZltcBCWK
li7PgiTWICPgU6qGatt+H0vyFBeOI3P9yVzXkOrIYpb0kErj4dKlD/+pRuKLoxhz
/pgTmECoJ+4cYUsRq2Fm+lXu9zAMqQOUCs8AhJqSbRZaNUuMOo1mAl9dL48o2xvF
Hn5brXwv9LdPpzkWZpuFAUAGYqES8lj+PyP6bWjl416FqXA3iNyVze20D2m8lPV+
k+/KgtnZjsEApw9cZHa1VBbVbVs=
=NsXq
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com