Solved: Kr00k wireless vulnerability

jgbright · ‎02-27-2020

Cisco has identified 14 wireless devices so far that are vulnerable to the new Kr00k vulnerability (CVE-2019-15126)

https://www.bleepingcomputer.com/news/security/cisco-working-on-patches-for-new-kr00k-wifi-vulnerability/

No mention of any Meraki wireless equipment yet.

Has anybody heard differently yet?

daviscot · ‎05-05-2020

@jgbright just wanted to come back and close the loop on this one regarding kr00k (CVE ID: CVE-2019-15126, CVSSv3 Base Score: 3.1) that hit back in late February. Meraki MR26, MR32, MR34 and MR72 and MX64W, MX65W use the impacted chips and are affected by this vulnerability.

More info here.

https://documentation.meraki.com/zGeneral_Administration/Privacy_and_Security/FullMAC_Wi-Fi_chipsets_vulnerability_(kr00k)

and

https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

View solution in original post

daviscot · ‎02-27-2020

I have not heard any reports of Meraki APs being affected but will double check. All of the recent and current APs do not use Broadcom or Cypress chipsets and are not vulnerable, but some of the older End-of-Sale APs had Broadcom, that's what I'll check on and get back to you.

Prateek Maheshwari · ‎04-28-2020

Yes, you right,

I also didn't face any vulnerability in our environment. And didn't get any update from Meraki side.

jgbright · ‎02-27-2020

And here's the link to the Cisco announcement:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure

Nolan H. · ‎02-27-2020

I was going to say, Meraki uses Qualcomm so they should not be affected

aneduzhk · ‎02-27-2020

This is being accessed by our Security Team. Updates to follow.

aneduzhk · ‎03-02-2020

Meraki is aware of the CVE-2019-15126 vulnerability (also commonly known as Kr00k). At this time, Meraki is evaluating the impact and the affected products (if any). We will provide updates as we make progress to ensure the security of our products.

aneduzhk · ‎03-06-2020

Update:

None of our orderable 802.11ac Wave 2 (MR20, MR33, MR30H, MR42, MR52, MR53, MR42E, MR53E, MR70, MR74, MR84) or 802.11ax (WiFi-6) Access Points (MR45, MR55, MR36, MR46, MR56) are susceptible to this vulnerability.

Older APs not listed above may be affected, and more updates on those SKUs will be provided soon.

Nolan H. · ‎03-06-2020

Thank you for the update @aneduzhk

JoshBarfield · ‎03-16-2020

Any further updates on other SKUs, @aneduzhk? Is there an official source for information on this issue?

aneduzhk · ‎03-20-2020

Still in progress. We are in uncharted territory right now with the global coronavirus pandemic, so we should expect responses to/from other teams that are involved to be delayed. I hope you understand. Thanks.

aneduzhk · ‎04-23-2020

Cisco Meraki Customer Advisories page has been updated with the relevant information.

CMR · ‎04-28-2020

A quick summary:

WPA2 security can be bypassed on some devices.

For the MX64W and MX65W you need 15.28 to no longer be vulnerable.

For the MR26, MR32, MR34 and MR72 you need 26.8, which is due to be available in May.

Boy, am I glad we are in lockdown, we have ~30 affected devices and our corporate SSID currently uses WPA2!

If my answer solves your problem please click Accept as Solution so others can benefit from it.

daviscot · ‎05-05-2020

@jgbright just wanted to come back and close the loop on this one regarding kr00k (CVE ID: CVE-2019-15126, CVSSv3 Base Score: 3.1) that hit back in late February. Meraki MR26, MR32, MR34 and MR72 and MX64W, MX65W use the impacted chips and are affected by this vulnerability.

More info here.

https://documentation.meraki.com/zGeneral_Administration/Privacy_and_Security/FullMAC_Wi-Fi_chipsets_vulnerability_(kr00k)

and

https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

anythinghosted · ‎05-06-2020

Version 26.8 now available to upgrade.

Looks like it's also the initial stable firmware for some unreleased access points too ... unless I've missed a webinar.