CSCvf96814 - Key Reinstallation attacks against WPA protocol

nicolas.tessiau
Level 1

Hello.
Have you an idea of when a security update for WAP371 will be available?

Thanks.

Accepted Solution

Leo Laohoo
Hall of Fame

KRACK.png

The "answer" is not helpful in this case.  Still waiting for patch of WAP371

Where can I find the fix?

Or is there no fix yet?

Thanks

Leo Laohoo
Hall of Fame
Software fix for the KRACK vulnerability is now available for download. They are 8.0.152.0, 8.2.164.0, 8.3.132.0 and 8.5.105.0.

Hello,

How about a security update for WAP371 firmware? Any idea when it will be available?

These APs work without WLC.

Last firmware release for these is from February 2017 and Cisco lists these as vulnerable:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

Best regards,

Maciek

I fully understand that rolling out updates for access points with WLC gets priority. But it would be great to get some advice on these vulnerabilities in the WAP371 firmware. Can you reduce the risk by temporarily disabling certain functions until a fix is available? What should be disabled:

enterprise security with RADIUS authentication?

pre-authentication?

WDS bridge?

Workgroup bridge?

Single point setup?

others?

Regards

It would be greatly appreciated if Cisco, prior to releasing new firmware for the 371 AP, could post measures by means of settings changes to mitigate vulnerability changes. Best would be to have the firmware the soonest though.

25 October 2017 advisory

KRACK exploit involves up to ten (10) vulnerabilities.  Patching the client will fix 9 out of 10 vulnerabilities (except CVE-2017-13082) because those are client-facing vulnerabilities.

(This means that even if the APs are patched for CVE-2017-13082, but if the clients aren't patched then they could be vulnerable to any of the nine attack vectors.)

For CVE-2017-13082, if your APs support 802.11r (aka Fast Transition or FR), then the fix is to disable this feature.  If APs don't support 802.11r, then it's all fine.  

WARNING:  Please understand what 802.11r can/can't do to the wireless network before undertaking the workaround.  

 

CVE-2017-13082 workaround (802.11r)
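
A passive check for the 802.11r workaround discussed above, as an added example that is not part of the thread or of Cisco's tooling: it parses the information elements of a beacon or probe response and reports whether Fast Transition AKM suites or a Mobility Domain element are advertised. The sample bytes and the helper `build_rsn` are constructed for illustration.

```python
import struct

RSN_IE, MOBILITY_DOMAIN_IE = 48, 54          # 802.11 element IDs
IEEE_OUI = b"\x00\x0f\xac"
# AKM suite types under OUI 00-0F-AC that negotiate 802.11r Fast Transition
FT_AKMS = {3: "FT-802.1X", 4: "FT-PSK", 9: "FT-SAE", 13: "FT-802.1X-SHA384"}

def iter_ies(blob):
    """Yield (element_id, payload) for each tagged element in blob."""
    pos = 0
    while pos + 2 <= len(blob):
        eid, length = blob[pos], blob[pos + 1]
        payload = blob[pos + 2:pos + 2 + length]
        if len(payload) < length:            # truncated element: stop, do not guess
            return
        yield eid, payload
        pos += 2 + length

def rsn_akm_types(rsn):
    """Return AKM suite type numbers (OUI 00-0F-AC) from an RSN element body."""
    if len(rsn) < 8:                         # version(2) + group(4) + pairwise count(2)
        return []
    off = 8 + 4 * struct.unpack_from("<H", rsn, 6)[0]
    if off + 2 > len(rsn):
        return []
    count = struct.unpack_from("<H", rsn, off)[0]
    suites = [rsn[off + 2 + 4 * i:off + 6 + 4 * i] for i in range(count)]
    return [s[3] for s in suites if len(s) == 4 and s[:3] == IEEE_OUI]

def ft_advertised(ies):
    """Report the FT AKMs and Mobility Domain element a beacon advertises."""
    akms, has_mde = [], False
    for eid, payload in iter_ies(ies):
        if eid == RSN_IE:
            akms = [FT_AKMS[t] for t in rsn_akm_types(payload) if t in FT_AKMS]
        elif eid == MOBILITY_DOMAIN_IE:
            has_mde = True
    return {"ft_akms": akms, "mobility_domain": has_mde}

# Constructed sample elements (hypothetical helper, not from any real access point)
def build_rsn(akm_types):
    ccmp = IEEE_OUI + b"\x04"
    body = struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
    body += struct.pack("<H", len(akm_types)) + b"".join(IEEE_OUI + bytes([t]) for t in akm_types)
    return bytes([RSN_IE, len(body)]) + body

SSID = bytes([0, 4]) + b"test"
PSK_ONLY = SSID + build_rsn([2])
PSK_AND_FT = SSID + build_rsn([2, 4]) + bytes([MOBILITY_DOMAIN_IE, 3]) + b"\x34\x12\x01"
```

An SSID that returns an empty `ft_akms` list and no Mobility Domain element is not offering 802.11r to clients, which is the state the workaround aims for.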

 

Hello All,

A month after publicly announcing the vulnerability, two months from when CISCO was notified about it, there is still no promised fix for WAP371 access points...

That is very damaging to the brand and I will think twice before purchasing or recommending CISCO Small Business line products to clients.

If we have to replace hardware to fix the vulnerability, we will also have to go for a different brand this time. Pity, as the WAP3xx line was a very affordable way for small businesses to get a robust and scalable wireless network...

Also, this thread was marked as answered, although there is still no answer to the original question.

Very disappointing...

20171117-cisco-firmware.PNG

Agree with Maciek. The support of Cisco is very poor and really unprofessional. I would like to add some information. On the website it is written that the patch was available on 1.12.2017, and we are at 10.12.2017 and still the new firmware is not available.

This is unacceptable and embarrassing. When will the fix be released? This isn't "solved"

Guys,

KRACK finally patched on WAP 3XX access points:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf96814

Best regards,

Maciek
