
SSID Confusion attack

gagandeep singh3
Frequent Visitor

Hi,

I would like to know if Meraki has taken any steps to mitigate this vulnerability.

We are:
- using WPA2 encryption and not WPA3
- using RADIUS authentication

I hope Meraki will release a patch to mitigate the vulnerability. Does anyone know, or can anyone shed some light on, the steps that Meraki is going to take or is advising customers to take?

9 Replies

aleabrahao
Meraki Community All-Star

What vulnerability? Do you have the CVE?

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

SSID Confusion Attack WiFi Vulnerability (CVE-2023-52424)

aleabrahao
Meraki Community All-Star

This CVE is from 2023; Meraki has probably already released the fix some time ago, as they frequently release new updates.

Have you already contacted support?


Raphael_L
Meraki Community All-Star

Doubt that Meraki has published a fix for that. The CVE was published this month.

Rasmus Hoffmann Birkelund
Meraki Community All-Star

Without knowing exactly what the underlying mechanism is in this specific CVE, from what I'm reading about it, it's simply an overall design flaw in the 802.11 standard.

It's always been there, and will always be there.

Basically, it aims at tricking a user into associating to your malicious and less secure SSID (a honeypot) and eavesdropping on all your traffic.

If you really want to mitigate it, there's an easy fix.

Turn off all your WiFi and Access Points, and cable your devices to the network.

#########
LinkedIn ::: https://blog.rhbirkelund.dk/
Like what you see? - Mark as helpful ## Did it answer your question? - Mark it as a Solution 🙂
All code examples are provided as is. Responsibility for Code execution is solely your own.

BlakeRichardson
Meraki Community All-Star

It's a day old; I doubt any vendor has patched it, as it's still being analysed.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Brash
Meraki Community All-Star

There is no public bug or PSIRT for this vulnerability yet, given it's still pretty fresh.

Raise a support ticket for more information as they may already be investigating internally.

IvanJukic
Meraki Employee All-Star

Hi @gagandeep singh3,

NOTE: I DO NOT KNOW THE FULL INS AND OUTS OF THIS VULNERABILITY.

That said, Meraki Air Marshal does have some level of mitigation from Rogue SSIDs. See the guide below for further details.

https://documentation.meraki.com/MR/Monitoring_and_Reporting/Air_Marshal


Cheers,

Ivan Jukić,
Meraki APJC

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.

Paccers
Level 5

Original writeup came out a few weeks ago: https://www.top10vpn.com/research/wifi-vulnerability-ssid/

I wouldn't expect a fix to be released quickly, if at all!
