Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 10

davie_mcc · ‎10-18-2017

Our 8540 WLC is running SW 8.8.121.0 and our 3700 series APs are running SW 8.3.121.0 too. Having read through numerous pages of stuff, am I correct in saying we have to upgrade these APs to SW 8.3.130.0?

Leo Laohoo · ‎10-19-2017

@davie_mcc wrote:

Our 8540 WLC is running SW 8.8.121.0 and our 3700 series APs are running SW 8.3.121.0 too. Having read through numerous pages of stuff, am I correct in saying we have to upgrade these APs to SW 8.3.130.0?

Above is the official notice from Cisco about the release date for the software fix.

Leo Laohoo · ‎10-20-2017

Kindly delay with doing any upgrade to 8.3.131.0. During their testing phase (after the release) they found some issues affecting non-Wave 2 APs. They've found what the issue is and they're testing the new fix before releasing the fix version on 23 October 2017.
I have updated my earlier post of the ETA of the fix to reflect the new development.

Just a reminder that this vulnerability affects anything with a wireless NIC. It's not just wireless AP but also wireless clients as well. Patching the client will fix 9 out of 10 vulnerabilities but not CVE-2017-13082. (CVE-2017-13082 will be patched on the AP side.)

Leo Laohoo · ‎10-23-2017

Software fix for the KRACK vulnerability is now available for download. They are 8.0.152.0, 8.2.164.0, 8.3.132.0 and 8.5.105.0.

Leo Laohoo · ‎10-29-2017

@davie_mcc wrote:

Our 8540 WLC is running SW 8.8.121.0 and our 3700 series APs are running SW 8.3.121.0 too. Having read through numerous pages of stuff, am I correct in saying we have to upgrade these APs to SW 8.3.130.0?

A quick update to anyone reading this thread and intending to upgrade to 8.3.132.0:
Cisco TAC has recommended anyone to HOLD OFF upgrading to 8.3.132.0. TAC has identified a Severity 1 bug which causes the controller to crash after upgrading to 8.3.132.0.
There are no reported issues in regards to other versions.