5.8 - cisco-sa-20171016-wpa

On October 16th, 2017, a research paper with the title of "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.

Among these ten vulnerabilities, only one (CVE-2017-13082) may affect components of the wireless infrastructure (for example, Access Points), the other nine vulnerabilities affect only client devices.

Multiple Cisco wireless products are affected by these vulnerabilities.

Cisco will release software updates that address these vulnerabilities. There is a workaround that addresses the vulnerability in CVE-2017-13082. There are no workarounds that address the other vulnerabilities described in this advisory.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"]

NOTE: Additional testing performed on October 20th, 2017 resulted in the discovery that the software fixes for CVE-2017-13082 on Cisco Access Points running Cisco IOS Software may not provide complete protection. Cisco is working on new, complete fixes for these devices. See the Fixed Software ["#fixed_software"] section of this advisory for additional information on fix availability and applicability to your specific deployment scenario.

BEGIN PGP SIGNATURE

iQKBBAEBAgBrBQJZ6l/FZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnLQw/8DjvX+Zt/YH8nvmNc eLliUKh40Ihs/P2tRR9LFR1tY0QQlxOyctY/QCYKYeV2RPPYO/Zg6YzNdkk/7Zxs H5PYMMyAWRRhaw+jZRssXHMTUZWJ+w+nJsLKylBEnKYEn2BvnztkGm/znIsiNT/Q uDMb/17i9J+LAMzKoXDDMQbkM1Kb63nEh59GvgCd+8fGQ3bXPFgMrg9wzDHI0Krh bqkUAjjTvw+8M2C7KGvWAyQ/i6cSjsjuyhi9w2GsAzPBtYWm9cG5qUZQrkpqkSoQ eSB+FZJcUaEiHTqtBxZ1xW5teGTs1diljXGBo+jEh5eYGXwdH6DepWyFuDhwe3Bh 2qbb5ojY+AVc46MqN30jCMr3hbaIWffKMS4amNfEW3mozAsa57CTOebhGzBQJyAI xCpCJGwMi5rJuPCYyqbe5hfDWqZy4JY1CLykEz7fVHIrLX6+P4Xo5aVRZltcBCWK li7PgiTWICPgU6qGatt+H0vyFBeOI3P9yVzXkOrIYpb0kErj4dKlD/+pRuKLoxhz /pgTmECoJ+4cYUsRq2Fm+lXu9zAMqQOUCs8AhJqSbRZaNUuMOo1mAl9dL48o2xvF Hn5brXwv9LdPpzkWZpuFAUAGYqES8lj+PyP6bWjl416FqXA3iNyVze20D2m8lPV +k+/KgtnZjsEApw9cZHa1VBbVbVs= =NsXq END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com