
WAP4410N vulnerable to KRACK problem

reivax
Level 1

In Cisco's announcement regarding the WPA "KRACK" vulnerability, there is nothing regarding the WAP4410N.

Does anybody have a clue about it, and a workaround, since Cisco may not provide updated firmware?

5 Replies

rn
Level 1

Currently no further information is available, as most of you will already be aware.

Unfortunately, the model is not listed on the corresponding site dealing with the issue:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

We do have several of the WAP4410N devices running in different customer environments, so a statement from support staff would be very much appreciated.

Given the WAP4410N is still under Hardware Support you would think they would have some info and a new firmware out.

Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/small-business-wireless-access-points/eos-eol-notice-c51-732170.pdf


Last Date of Support: HW: September 30, 2019

 

Hi,

Any news about this? I also have several of the units working and I need to know about the KRACK influence. Can we expect a firmware update for this device?

Regards Jens


@rn wrote:

Currently no further information is available, as most of you will already be aware.

Unfortunately, the model is not listed on the corresponding site dealing with the issue:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

We do have several of the WAP4410N devices running in different customer environments, so a statement from support staff would be very much appreciated.


After reading through the mentioned security advisory (SA) again, I found the following statement in the summary section.

"Among these ten vulnerabilities, only one (CVE-2017-13082) may affect components of the wireless infrastructure (for example, Access Points), the other nine vulnerabilities affect only client devices."

According to the SA statement, CVE-2017-13082 refers to the fast BSS transition (FT) feature (IEEE 802.11r), also known as "fast roaming", which is not supported by the WAP4410N device model.

See: https://www.cisco.com/c/en/us/products/collateral/wireless/wap4410n-wireless-n-access-point-poe-advanced-security/data_sheet_c78-501860.html

Also, when logging onto the device either by using the web interface or SSH, there is no configuration option for enabling/disabling fast BSS transition. Please also review the section "Assessing the configuration of a wireless deployment for CVE-2017-13082" in the SA statement.

So assuming the AP does not support "fast roaming" (802.11r) at all, this should be the reason why the model is neither listed as "vulnerable" nor "not vulnerable" in the "Affected Products" section.

Conclusion: Cisco WAP4410N is not vulnerable to KRACK, since all other CVEs mentioned affect only client devices.

Please note: These are my own thoughts and conclusions drawn from the material/information provided. This needs to be confirmed by Cisco.
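An added example, not part of any post in this thread: one way to check from the air side whether an access point advertises 802.11r, by parsing the tagged parameters of its beacon for a Mobility Domain element or an FT AKM suite in the RSN element. The element IDs and suite numbers are the IEEE 802.11 assignments; the function names and both sample beacons are constructed for illustration.

```python
import struct

IEEE_OUI = bytes.fromhex("000fac")
EID_RSN, EID_MOBILITY_DOMAIN = 48, 54                 # IEEE 802.11 element IDs
FT_AKMS = {3: "FT-802.1X", 4: "FT-PSK", 9: "FT-SAE"}  # AKM suite types, OUI 00-0F-AC

def iter_elements(tagged: bytes):
    """Yield (element_id, body) for each element in a beacon's tagged parameters."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        body = tagged[pos + 2 : pos + 2 + length]
        if len(body) != length:
            raise ValueError(f"element {eid} is truncated")
        yield eid, body
        pos += 2 + length

def rsn_akm_types(rsn: bytes) -> list:
    """Return the 00-0F-AC AKM suite types listed in an RSN element body."""
    if len(rsn) < 8:                       # version(2) + group cipher(4) only
        return []
    (pairwise_count,) = struct.unpack_from("<H", rsn, 6)
    pos = 8 + 4 * pairwise_count           # skip the pairwise cipher list
    if pos + 2 > len(rsn):
        return []
    (akm_count,) = struct.unpack_from("<H", rsn, pos)
    suites = [rsn[pos + 2 + 4 * i : pos + 6 + 4 * i] for i in range(akm_count)]
    if any(len(s) != 4 for s in suites):
        raise ValueError("AKM suite list is truncated")
    return [s[3] for s in suites if s[:3] == IEEE_OUI]

def ft_indicators(tagged: bytes) -> dict:
    """Report whether a beacon advertises 802.11r (fast BSS transition)."""
    result = {"mobility_domain": False, "ft_akms": []}
    for eid, body in iter_elements(tagged):
        if eid == EID_MOBILITY_DOMAIN:
            result["mobility_domain"] = True
        elif eid == EID_RSN:
            result["ft_akms"] += [FT_AKMS[t] for t in rsn_akm_types(body) if t in FT_AKMS]
    return result

# Constructed sample beacons (SSID "test"), not captured from any real device.
SSID = "000474657374"
PSK_ONLY = bytes.fromhex(SSID + "3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
FT_ENABLED = bytes.fromhex(SSID + "3018 0100 000fac04 0100 000fac04 0200 000fac02 000fac04 0000"
                           + "3603 3412 01")

if __name__ == "__main__":
    print("PSK only  :", ft_indicators(PSK_ONLY))
    print("FT enabled:", ft_indicators(FT_ENABLED))
```

Feed it the tagged-parameter bytes of a beacon exported from a capture of your own AP; an empty result shows FT is not being offered on that BSS as configured, which is a narrower statement than a vendor confirmation about the firmware.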

Good morning,
thank you for the supplied information and your thoughts.

Now it's up to a Moderator to push this forward to someone who can answer our questions please.

Regards Jens