Solved: Re: CSCvf47808 - Key Reinstallation attacks against WPA protocol - 3

bvj197222 · ‎10-17-2017

The article says that 8.3.130 was fixed 16.10 for some AP's, but when I check out the downloads the date of the sw is 27.9. Where can I download the bugfixed Version?

Leo Laohoo · ‎10-17-2017

Kindly delay with doing any upgrade to 8.3.131.0. During their testing phase (after the release) they found some issues affecting non-Wave 2 APs. They've found what the issue is and they're testing the new fix before releasing the fix version on 23 October 2017.
I have updated my earlier post of the ETA of the fix to reflect the new development.

View solution in original post

Leo Laohoo · ‎10-17-2017

@bvj197222 wrote:

The article says that 8.3.130 was fixed 16.10 for some AP's, but when I check out the downloads the date of the sw is 27.9. Where can I download the bugfixed Version?

I think this is a mis-print. A new batch of firmwares to fix the KRACK vulnerability is about to be released. It's currently in it's final phase of testing.

Dan Brandt · ‎10-17-2017

Any idea as to when this last phase of testing will be completed?

scrye · ‎10-17-2017

The Bug Search pages lists 8.2.163.5 as a fixed version, but that is not available for download ...

Steve

Leo Laohoo · ‎10-17-2017

Kindly delay with doing any upgrade to 8.3.131.0. During their testing phase (after the release) they found some issues affecting non-Wave 2 APs. They've found what the issue is and they're testing the new fix before releasing the fix version on 23 October 2017.
I have updated my earlier post of the ETA of the fix to reflect the new development.

bvj197222 · ‎10-18-2017

Where can we download the fixed software? When I check out the available software for 5508 Wireless Controller I find 8.3.130.0 With release date 26-SEP-2017.

Leo Laohoo · ‎10-20-2017

Kindly delay with doing any upgrade to 8.3.131.0. During their testing phase (after the release) they found some issues affecting non-Wave 2 APs. They've found what the issue is and they're testing the new fix before releasing the fix version on 23 October 2017.
I have updated my earlier post of the ETA of the fix to reflect the new development.

Leo Laohoo · ‎10-23-2017

Software fix for the KRACK vulnerability is now available for download. They are 8.0.152.0, 8.2.164.0, 8.3.132.0 and 8.5.105.0.

tomab · ‎10-24-2017

Any idea if these new releases are affected by this catastrophic bug: CSCvf16302

There are no fixed releases listed.

Would hate to update and kill hundreds of APs.

Leo Laohoo · ‎10-24-2017

@tomab wrote:

Any idea if these new releases are affected by this catastrophic bug: CSCvf16302

This is a totally different bug and has NOTHING to do with the KRACK vulnerability.

tomab · ‎10-30-2017

@Leo Laohoo wrote:

This is a totally different bug and has NOTHING to do with the KRACK vulnerability.

Yes it is a different bug, however you've completely missed my point which is:

If I upgrade to resolve KRACK am I then exposed to CSCvf16302.