Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II in Cisco products



Published: 2017-10-17
Risk: High
Patch available: NO
Number of vulnerabilities: 9
CVE-ID: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
CWE-ID: CWE-320
Exploitation vector: Local network
Public exploit: Public exploit code for vulnerabilities #1 through #9 is available.
Vulnerable software
Cisco Meraki
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco WAP561
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco WAP551
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco WAP371
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco WAP321
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco WAP121
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco ASA 5506W-X w
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Spark Room Series
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco IP Phone 8865
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco IP Phone 8861
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco DX80 Series IP Phones
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco DX70 Series IP Phones
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Wireless IP Phone 8821
Hardware solutions / Office equipment, IP-phones, print servers

Aironet
Hardware solutions / Firmware

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Key management errors

EUVDB-ID: #VU8837

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13077

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
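
Why a reinstalled pairwise key matters, as an added example (a toy model, not Cisco's code and not part of the original bulletin): installing a key resets the per-key transmit packet number used as the encryption nonce, so accepting a retransmitted handshake message 3 makes the client reuse nonces under the same key. The class and function names and the key value are hypothetical; the nonce-reset behaviour is background knowledge about the handshake that the bulletin itself does not spell out.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

CONSTRUCTED_PTK = b"constructed-ptk"  # sample key material, constructed for this example


@dataclass
class Supplicant:
    """Toy model of a client's pairwise-key state (hypothetical, not real 802.11 code)."""
    hardened: bool
    key: Optional[bytes] = None
    tx_pn: int = 0  # per-key transmit packet number, used as the nonce
    used: List[Tuple[bytes, int]] = field(default_factory=list)

    def on_message3(self, ptk: bytes) -> bool:
        """Handle handshake message 3; return True if the key was (re)installed."""
        if self.hardened and self.key == ptk:
            # Retransmission of a message for a key that is already installed:
            # it can be acknowledged, but the key and its counters stay untouched.
            return False
        self.key = ptk
        self.tx_pn = 0  # installing a key resets the packet number
        return True

    def send_frame(self) -> Tuple[bytes, int]:
        """Protect one data frame; records the (key, nonce) pair that was used."""
        self.tx_pn += 1
        pair = (self.key, self.tx_pn)
        self.used.append(pair)
        return pair


def reused_nonces(sup: Supplicant) -> List[Tuple[bytes, int]]:
    """Return every (key, nonce) pair that was used more than once."""
    seen, duplicates = set(), []
    for pair in sup.used:
        if pair in seen:
            duplicates.append(pair)
        seen.add(pair)
    return duplicates


def run(hardened: bool) -> List[Tuple[bytes, int]]:
    """Replay message 3 once mid-session and report the resulting nonce reuse."""
    sup = Supplicant(hardened)
    sup.on_message3(CONSTRUCTED_PTK)   # legitimate message 3
    sup.send_frame()
    sup.send_frame()
    sup.on_message3(CONSTRUCTED_PTK)   # retransmitted message 3, same key
    sup.send_frame()
    sup.send_frame()
    return reused_nonces(sup)


if __name__ == "__main__":
    print("unpatched reuse:", run(hardened=False))
    print("patched reuse:  ", run(hardened=True))
```

The hardened branch still installs a genuinely new key, so rekeying keeps working; only a repeat installation of the key already in use is refused.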

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Cisco Meraki: MR11 - MR84

Cisco WAP561: All versions

Cisco WAP551: All versions

Cisco WAP371: All versions

Cisco WAP321: All versions

Cisco WAP121: All versions

Cisco ASA 5506W-X w: All versions

Cisco Wireless IP Phone 8821: All versions

Cisco Spark Room Series: All versions

Cisco IP Phone 8865: All versions

Cisco IP Phone 8861: All versions

Cisco DX80 Series IP Phones: All versions

Cisco DX70 Series IP Phones: All versions

Aironet: 700 Series - AP803

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Key management errors

EUVDB-ID: #VU8838

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13078

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Cisco Meraki: MR11 - MR84

Cisco WAP561: All versions

Cisco WAP551: All versions

Cisco WAP371: All versions

Cisco WAP321: All versions

Cisco WAP121: All versions

Cisco ASA 5506W-X w: All versions

Cisco Wireless IP Phone 8821: All versions

Cisco Spark Room Series: All versions

Cisco IP Phone 8865: All versions

Cisco IP Phone 8861: All versions

Cisco DX80 Series IP Phones: All versions

Cisco DX70 Series IP Phones: All versions

Aironet: 700 Series - AP803

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Key management errors

EUVDB-ID: #VU8839

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13079

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Cisco Meraki: MR11 - MR84

Cisco WAP561: All versions

Cisco WAP551: All versions

Cisco WAP371: All versions

Cisco WAP321: All versions

Cisco WAP121: All versions

Cisco ASA 5506W-X w: All versions

Cisco Wireless IP Phone 8821: All versions

Cisco Spark Room Series: All versions

Cisco IP Phone 8865: All versions

Cisco IP Phone 8861: All versions

Cisco DX80 Series IP Phones: All versions

Cisco DX70 Series IP Phones: All versions

Aironet: 700 Series - AP803

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Key management errors

EUVDB-ID: #VU8840

Risk: Medium

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13080

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

The vulnerability is dubbed "KRACK" attack.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Cisco Meraki: MR11 - MR84

Cisco WAP561: All versions

Cisco WAP551: All versions

Cisco WAP371: All versions

Cisco WAP321: All versions

Cisco WAP121: All versions

Cisco ASA 5506W-X w: All versions

Cisco Wireless IP Phone 8821: All versions

Cisco Spark Room Series: All versions

Cisco IP Phone 8865: All versions

Cisco IP Phone 8861: All versions

Cisco DX80 Series IP Phones: All versions

Cisco DX70 Series IP Phones: All versions

Aironet: 700 Series - AP803

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Key management errors

EUVDB-ID: #VU8841

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13081

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Cisco Meraki: MR11 - MR84

Cisco WAP561: All versions

Cisco WAP551: All versions

Cisco WAP371: All versions

Cisco WAP321: All versions

Cisco WAP121: All versions

Cisco ASA 5506W-X w: All versions

Cisco Wireless IP Phone 8821: All versions

Cisco Spark Room Series: All versions

Cisco IP Phone 8865: All versions

Cisco IP Phone 8861: All versions

Cisco DX80 Series IP Phones: All versions

Cisco DX70 Series IP Phones: All versions

Aironet: 700 Series - AP803

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Key management errors

EUVDB-ID: #VU8842

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13082

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

As a temporary solution, the vendor has suggested the following workaround:

- If no interactive applications such as Voice over IP (VoIP) or video are being used on the network, you can disable 11r support on the access point.
- If VoIP applications are in use but the supplicants support CCKM (for example, Cisco Wireless Phones), you can disable 11r support and reconfigure the clients to use CCKM (Cisco Centralized Key Management), which should provide a similar roaming experience.

NOTE: Disabling 11r support may have a negative performance and availability impact on the network. Customers should verify that disabling 11r would not negatively impact their environment before making such a configuration change on their infrastructure devices.

Vulnerable software versions

Cisco Meraki: MR11 - MR84

Cisco WAP561: All versions

Cisco WAP551: All versions

Cisco WAP371: All versions

Cisco WAP321: All versions

Cisco WAP121: All versions

Cisco ASA 5506W-X w: All versions

Cisco Wireless IP Phone 8821: All versions

Cisco Spark Room Series: All versions

Cisco IP Phone 8865: All versions

Cisco IP Phone 8861: All versions

Cisco DX80 Series IP Phones: All versions

Cisco DX70 Series IP Phones: All versions

Aironet: 700 Series - AP803

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Key management errors

EUVDB-ID: #VU8845

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13086

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11z standard to reinstall a previously used TPK key.

The weakness exists in the processing of the 802.11z (Extensions to Direct-Link Setup) TDLS handshake messages due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop on a TDLS handshake and retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Cisco Meraki: MR11 - MR84

Cisco WAP561: All versions

Cisco WAP551: All versions

Cisco WAP371: All versions

Cisco WAP321: All versions

Cisco WAP121: All versions

Cisco ASA 5506W-X w: All versions

Cisco Wireless IP Phone 8821: All versions

Cisco Spark Room Series: All versions

Cisco IP Phone 8865: All versions

Cisco IP Phone 8861: All versions

Cisco DX80 Series IP Phones: All versions

Cisco DX70 Series IP Phones: All versions

Aironet: 700 Series - AP803

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Key management errors

EUVDB-ID: #VU8846

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13087

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used group key.

The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Cisco Meraki: MR11 - MR84

Cisco WAP561: All versions

Cisco WAP551: All versions

Cisco WAP371: All versions

Cisco WAP321: All versions

Cisco WAP121: All versions

Cisco ASA 5506W-X w: All versions

Cisco Wireless IP Phone 8821: All versions

Cisco Spark Room Series: All versions

Cisco IP Phone 8865: All versions

Cisco IP Phone 8861: All versions

Cisco DX80 Series IP Phones: All versions

Cisco DX70 Series IP Phones: All versions

Aironet: 700 Series - AP803

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Key management errors

EUVDB-ID: #VU8847

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13088

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Cisco Meraki: MR11 - MR84

Cisco WAP561: All versions

Cisco WAP551: All versions

Cisco WAP371: All versions

Cisco WAP321: All versions

Cisco WAP121: All versions

Cisco ASA 5506W-X w: All versions

Cisco Wireless IP Phone 8821: All versions

Cisco Spark Room Series: All versions

Cisco IP Phone 8865: All versions

Cisco IP Phone 8861: All versions

Cisco DX80 Series IP Phones: All versions

Cisco DX70 Series IP Phones: All versions

Aironet: 700 Series - AP803

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
