10-17-2017 07:12 AM - edited 03-21-2019 10:48 AM
In Cisco's announcement regarding the WPA "KRACK" vulnerability, there is nothing regarding the WAP4410N.
Does anybody have a clue about it, and a workaround, since Cisco may not provide updated firmware?
10-18-2017 02:15 AM - edited 10-18-2017 03:59 AM
Currently no further information is available, as most of you will already be aware.
Unfortunately, the model is not listed on the corresponding site dealing with the issue:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
We do have several of the WAP4410N devices running in different customer environments, so a statement from support staff would be very much appreciated.
11-02-2017 10:45 AM
Given the WAP4410N is still under Hardware Support you would think they would have some info and a new firmware out.
Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/small-business-wireless-access-points/eos-eol-notice-c51-732170.pdf
Last Date of Support: HW: September 30, 2019
11-13-2017 08:09 AM
Hi,
Any news about this? I also have several of the units working and I need to know about the KRACK influence. Can we expect a firmware update for this device?
Regards Jens
11-14-2017 12:59 AM - edited 11-14-2017 01:46 AM
@rn wrote:
Currently no further information is available, as most of you will already be aware.
Unfortunately, the model is not listed on the corresponding site dealing with the issue:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
We do have several of the WAP4410N devices running in different customer environments, so a statement from support staff would be very much appreciated.
After reading through the mentioned security advice (SA) again, I found the following statement in the summary section.
"Among these ten vulnerabilities, only one (CVE-2017-13082) may affect components of the wireless infrastructure (for example, Access Points), the other nine vulnerabilities affect only client devices."
According to the SA statement, CVE-2017-13082 refers to the fast BSS transition (FT) feature (IEEE 802.11r) also known as "fast roaming", which is not supported by the WAP4410N device model.
Also, when logging onto the device either by using the web interface or SSH, there is no configuration option for enabling/disabling fast BSS transition. Please also review section "Assessing the configuration of a wireless deployment for CVE-2017-13082" in the SA statement.
So assuming the AP is not supporting "fast roaming" (802.11r) at all, this should be the reason why the model is neither listed as "vulnerable" nor "not vulnerable" in the "Affected Products" section.
Conclusion: Cisco WAP4410N is not vulnerable to KRACK, since all other CVEs mentioned affect only client devices.
Please note: These are my own thoughts and conclusions drawn from the material/information provided. This needs to be confirmed by Cisco.
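Added example, not part of the original post and not Cisco code: one way to check from the air whether an access point advertises 802.11r is to look in its beacons for a Mobility Domain element (ID 54) or an FT AKM suite (00-0F-AC:3 or 00-0F-AC:4) in the RSN element (ID 48). The input is assumed to be the tagged-parameter bytes of a captured beacon (the frame body after the 12 bytes of fixed fields); the sample byte strings are constructed.

```python
import struct

OUI_IEEE = b"\x00\x0f\xac"
FT_AKMS = {3: "FT over 802.1X", 4: "FT-PSK"}   # AKM suite types under 00-0F-AC
EID_RSN, EID_MOBILITY_DOMAIN = 48, 54

def iter_elements(tagged):
    """Yield (element_id, body) pairs from a beacon's tagged parameters."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        body = tagged[pos + 2:pos + 2 + length]
        if len(body) < length:              # truncated element: stop parsing
            return
        yield eid, body
        pos += 2 + length

def rsn_akm_suites(rsn):
    """Return [(oui, suite_type), ...] from an RSN element body."""
    pos = 2 + 4                             # skip version and group cipher suite
    if len(rsn) < pos + 2:
        return []
    (n_pairwise,) = struct.unpack_from("<H", rsn, pos)
    pos += 2 + 4 * n_pairwise               # skip the pairwise cipher list
    if len(rsn) < pos + 2:
        return []
    (n_akm,) = struct.unpack_from("<H", rsn, pos)
    pos += 2
    akm_list = rsn[pos:pos + 4 * n_akm]
    return [(akm_list[i:i + 3], akm_list[i + 3])
            for i in range(0, len(akm_list) - 3, 4)]

def ft_indicators(tagged):
    """List the signs that a beacon advertises fast BSS transition (802.11r)."""
    found = []
    for eid, body in iter_elements(tagged):
        if eid == EID_MOBILITY_DOMAIN:
            found.append("Mobility Domain element")
        elif eid == EID_RSN:
            found += [FT_AKMS[t] for oui, t in rsn_akm_suites(body)
                      if oui == OUI_IEEE and t in FT_AKMS]
    return found

# Constructed sample elements (not captured from a WAP4410N).
SSID = b"\x00\x04test"
RSN_PSK = bytes.fromhex("30140100000fac040100000fac040100000fac020000")      # AKM: PSK
RSN_FT = bytes.fromhex("30180100000fac040100000fac040200000fac02000fac040000")  # PSK + FT-PSK
MDE = bytes.fromhex("3603123401")                                            # Mobility Domain
```

An empty result means that BSS is not advertising FT in the beacon that was parsed; it does not replace a vendor statement about the firmware.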
11-14-2017 01:10 AM - edited 11-14-2017 01:10 AM
Good morning,
thank you for the supplied information and your thoughts.
Now it's up to a Moderator to push this forward to someone who can answer our questions please.
Regards Jens