ESB-2017.2601.5 - UPDATE [Cisco] Cisco Products: Multiple vulnerabilities 2017-12-18

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2017.2601.5
       Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi
                            Protected Access II
                             18 December 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Products
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Access Privileged Data         -- Remote/Unauthenticated      
                   Provide Misleading Information -- Remote with User Interaction
Resolution:        Mitigation
CVE Names:         CVE-2017-13088 CVE-2017-13087 CVE-2017-13086
                   CVE-2017-13084 CVE-2017-13082 CVE-2017-13081
                   CVE-2017-13080 CVE-2017-13079 CVE-2017-13078
                   CVE-2017-13077  

Reference:         ESB-2017.2599
                   ESB-2017.2600

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

Revision History:  December 18 2017: Vendor provided revision 2.7 and 2.8
                   November 22 2017: Vendor provided revision 2.6
                   October  27 2017: Vendor provided further updates
                   October  19 2017: Vendor provided updates
                   October  17 2017: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access
II

Severity: High
Advisory ID: cisco-sa-20171016-wpa
First Published: 2017 October 16 14:00 GMT
Last Updated: 2017 December 14 21:19 GMT
Version 2.8: Final
Workarounds: Yes
Cisco Bug IDs: CSCvf71749 CSCvf71751 CSCvf71754 CSCvf71749 CSCvf71751
CSCvf71754 CSCvf71761 CSCvf96789 CSCvf96814 CSCvf96818 CSCvg10793 CSCvg35287
CSCvg42682 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13077
CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082
CVE-2017-13084 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 CWE-320
CVSS Score: Base 4.3
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X

Summary

  * On October 16, 2017, a research paper with the title ?Key Reinstallation
    Attacks: Forcing Nonce Reuse in WPA2? was made publicly available. This
    paper discusses seven vulnerabilities affecting session key negotiation in
    both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II
    (WPA2) protocols. These vulnerabilities may allow the reinstallation of a
    pairwise transient key, a group key, or an integrity key on either a
    wireless client or a wireless access point. Additional research also led to
    the discovery of three additional vulnerabilities (not discussed in the
    original paper) affecting wireless supplicant supporting either the 802.11z
    (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network
    Management) standard. The three additional vulnerabilities could also allow
    the reinstallation of a pairwise key, group key, or integrity group key.

    Among these ten vulnerabilities, only one (CVE-2017-13082) may affect
    components of the wireless infrastructure (for example, Access Points),
    while the other nine vulnerabilities may affect only client devices.

    Multiple Cisco wireless products are affected by these vulnerabilities.

    Cisco will release software updates that address these vulnerabilities.
    There are workarounds that addresses the vulnerabilities in CVE-2017-13077,
    CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, and
    CVE-2017-13082. There are no workarounds for CVE-2017-13086,
    CVE-2017-13087, and CVE-2017-13088.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20171016-wpa

Affected Products

  * Cisco is investigating its product line to determine which products may be
    affected by these vulnerabilities. As the investigation progresses, Cisco
    will update this advisory with information about affected products,
    including the ID of the Cisco bug for each affected product.

    For information about whether a product is affected by these
    vulnerabilities, refer to the Vulnerable Products and Products Confirmed
    Not Vulnerable sections of this advisory. The Vulnerable Products section
    includes Cisco bug IDs for each affected product. The bugs are accessible
    through the Cisco Bug Search Tool and contain additional platform-specific
    information, including workarounds (if available) and fixed software
    releases.

    No Cisco products are affected by the vulnerability identified by
    CVE-2017-13084.

    Products Under Investigation

    The following products are under active investigation to determine whether
    they are affected by the vulnerabilities that are described in this
    advisory.

    Video, Streaming, TelePresence, and Transcoding Devices
      + GigaTV VGW10


   
    Vulnerable Products

    The following table lists Cisco products that are affected by one or more
    vulnerabilities described in this advisory.


               Product             Cisco Bug     Fixed Release Availability
                                       ID
                       Endpoint Clients and Client Software
    Cisco AnyConnect Secure
    Mobility Client - Network      CSCvg35287 4.5.02036 and later
    Access Manager
              Routing and Switching - Enterprise and Service Provider
    Cisco 1000 Series Connected    CSCvg67174 No fix information available at
    Grid Routers                              this time.
                      Routing and Switching - Small Business
    Cisco Small Business CVR100W   CSCvg03682 No fix will be provided for this
    Wireless-N VPN Router                     product.
    Cisco Small Business RV315W    CSCvf96844 No fix information available at
    Wireless-N VPN Router                     this time.
                     Voice and Unified Communications Devices
    Cisco DX Series IP Phones                 No fix information available at
    (DX650, DX70 and DX80) running CSCvg36461 this time.
    Android-based firmware.
    Cisco DX Series IP Phones
    (DX70 and DX80) when running   CSCvf71761 8.3.4 and later
    Collaboration Endpoint (CE)               9.2.1 and later
    software
    Cisco IP Phone 8861-3PCC       CSCvg38265 11.0.1MSR1 for CP-8861-3PCC
    Cisco IP Phone 8861            CSCvf71751 12.0.1SR1 and later
    Cisco IP Phone 8865            CSCvf71751 12.0.1SR1 and later
    Cisco Spark Board              CSCvg37142 No fix information available at
                                              this time.
    Cisco Spark Room Series        CSCvf71761 8.3.4 and later
                                              9.2.1 and later
    Cisco Wireless IP Phone 8821   CSCvf71749 11.0(3)SR5 and later
                                     Wireless
                                              See the Fixed Software section of
    Cisco 1100 Series Integrated   CSCvg42682 this advisory for fix
    Services Routers                          availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco 812 Series Integrated    CSCvg42682 this advisory for fix
    Services Routers                          availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco 819 Series Integrated    CSCvg42682 this advisory for fix
    Services Routers                          availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco 829 Industrial           CSCvg42682 this advisory for fix
    Integrated Services Routers               availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco 860 Series Integrated    CSCvg42682 this advisory for fix
    Services Routers                          availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco 880 Series Integrated    CSCvg42682 this advisory for fix
    Services Routers                          availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco 890 Series Integrated    CSCvg42682 this advisory for fix
    Services Routers                          availability depending on
                                              deployment scenario.
    Cisco AP541N Wireless Access   CSCvf96821 No fix will be provided for this
    Point                                     product.
                                              See the Fixed Software section of
    Cisco ASA 5506W-X w/ FirePOWER CSCvg42682 this advisory for fix
    Services                                  availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1040 Series      CSCvg42682 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1140 Series      CSCvg42682 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1250 Series      CSCvg42682 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1260 Series      CSCvg42682 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1520 Series      CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1530 Series      CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1540 Series      CSCvg10793 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1550 Series      CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1560 Series      CSCvg10793 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1570 Series      CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1600 Series      CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1700 Series      CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1810 Series      CSCvg10793 this advisory for fix
    OfficeExtend Access Points                availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1810w Series     CSCvg10793 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1815 Series      CSCvg10793 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1830 Series      CSCvg10793 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 1850 Series      CSCvg10793 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 2600 Series      CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 2700 Series      CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 2800 Series      CSCvg10793 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 3500 Series      CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 3600 Series      CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 3700 Series      CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 3800 Series      CSCvg10793 this advisory for fix
    Access Points                             availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet 700 Series       CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet AP801 Access     CSCvg42682 this advisory for fix
    Point                                     availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet AP802 Access     CSCvg42682 this advisory for fix
    Point                                     availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet AP803 Access     CSCvg42682 this advisory for fix
    Point                                     availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Aironet Access Points    CSCvg42682 this advisory for fix
                                              availability depending on
                                              deployment scenario.
                                              See the Fixed Software section of
    Cisco Industrial Wireless 3700 CSCvg42682 this advisory for fix
    Series                                    availability depending on
                                              deployment scenario.
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR11              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR12              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR14              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR16              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR18              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR24              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR26              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR30H             N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24.x: affected - no fixes will
                                              be made available
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR32              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR33              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24.x: affected - no fixes will
                                              be made available
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR34              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR42              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR52              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR53              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR58              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR62              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR66              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR72              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR74              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24.x: affected - no fixes will
                                              be made available
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              MR20.x and previous releases: not
                                              affected
                                              MR21.x: affected - no fixes will
                                              be made available
                                              MR22.x: affected - no fixes will
    Cisco Meraki MR84              N/A        be made available
                                              MR23.x: affected - no fixes will
                                              be made available
                                              MR24 up to and including MR24.10:
                                              affected - first fixed in MR24.11
                                              MR25 up to and including MR25.6:
                                              affected - first fixed in MR25.7
                                              See the Fixed Software section of
    Cisco Mobility Express         CSCvg10793 this advisory for fix
                                              availability depending on
                                              deployment scenario.
    Cisco WAP121 Wireless-N Access CSCvf96789 Fix to be available on or about
    Point with Single Point Setup             29-Dec-2017
    Cisco WAP125 Wireless-AC Dual
    Band Desktop Access Point with CSCvf96792 v1.0.0.7
    PoE
    Cisco WAP131 Wireless-N Dual   CSCvf96801 v1.0.2.15
    Radio Access Point with PoE
    Cisco WAP150 Wireless-AC/N
    Dual Radio Access Point with   CSCvf96803 v1.1.0.9
    PoE
    Cisco WAP321 Wireless-N Access CSCvf96789 Fix to be available on or about
    Point with Single Point Setup             29-Dec-2017
    Cisco WAP351 Wireless-N Dual
    Radio Access Point with 5-Port CSCvf96801 v1.0.2.15
    Switch
    Cisco WAP361 Wireless-AC N
    Dual Radio Wall Plate Access   CSCvf96803 v1.1.0.9
    Point with PoE
    Cisco WAP371 Wireless-AC N                Fix to be available on or about
    Access Point with Single Point CSCvf96814 29-Dec-2017
    Setup
    Cisco WAP551 Wireless-N Single
    Radio Selectable Band Access   CSCvf96818 v1.2.1.6
    Point
    Cisco WAP561 Wireless-N Dual
    Radio Selectable Band Access   CSCvf96818 v1.2.1.6
    Point
    Cisco WAP571 Wireless-AC N
    Premium Dual Radio Access      CSCvf96820 v1.0.1.11
    Point with PoE
    Cisco WAP571E Wireless-AC N
    Premium Dual Radio Outdoor     CSCvf96820 v1.0.1.11
    Access Point
    Cisco WAP581 Wireless-AC Dual
    Radio Wave 2 Access Point with CSCvg07495 v1.0.0.7
    2.5GbE LAN



    Assessing the Configuration of a Wireless Deployment for CVE-2017-13082

    The vulnerability identified by CVE ID CVE-2017-13082 may affect only
    deployments that support the fast BSS transition (FT) feature and have it
    enabled.

    To determine whether the FT feature is enabled on a Wireless LAN Controller
    (WLC) device, administrators can log in to the device and use the show wlan
    command or the show wlan id command, depending on the device model.

    The following example shows the output of the show wlan id command for a
    Cisco 3500 Series Wireless Controllers device where FT is enabled on wlan 1
    :

        (w-3504-2)> show wlan 1
        ...
        Security
           802.11 Authentication:........................ Open System
           FT Support.................................... Enabled

        ...

    The following example shows the output of the show wlan id 1 command for a
    Cisco 5760 Series Wireless LAN Controller device where FT is disabled on
    wlan 1:

        W-5760-2> show wlan id 1 | include FT\ Support
            FT Support                                 : Disabled

    To determine whether the FT feature is enabled on a Standalone Access Point
    running Cisco IOS Software, administrators can log in to the device and use
    the show running-config | include dot11r command and verify that the
    command returns output.
     
    The following example shows the output of the show running-config | include
    dot11r command for an access point that has FT enabled:

        AP# show running-config | include dot11r
        authentication key-management wpa version 2 dot11r
         

    Please note that FT is not supported on deployments running a Wireless LAN
    Controller with AireOS version 7.0 and previous releases, hence such
    deployments are not affected by CVE-2017-13082.

    To determine which release of Cisco WLC Software is running on a device,
    administrators can use the web interface or the CLI.

    To use the web interface, log in to the web interface, click the Monitor 
    tab, and then click Summary in the left pane. The Software Version field
    shows the release number of the software currently running on the device.

    To use the CLI, issue the show sysinfo command, and then refer to the value
    in the Product Version field of the command output. The following example
    shows the output of the command for a device running Cisco WLC Software
    Release 8.3.102.0:


        (5500-4) >show sysinfo
        Manufacturer's Name.............................. Cisco Systems Inc.
        Product Name..................................... Cisco Controller
        Product Version.................................. 8.3.102.0
        Bootloader Version............................... 1.0.1
        Field Recovery Image Version..................... 6.0.182.0
        Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
        Build Type....................................... DATA + WPS
        .
        .
        .



    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by these
    vulnerabilities.

    Cisco wireless access points configured as part of a mesh network are not
    currently known to be affected by these vulnerabilities.

    Cisco wireless access points running any 12.4-based Cisco IOS Software
    releases are not affected by these vulnerabilities.

    Cisco has confirmed that these vulnerabilities do not affect the following
    products:

    Routing and Switching - Small Business
      + Cisco Small Business RV110W Wireless-N VPN Firewall
      + Cisco Small Business RV120W Wireless-N VPN Firewall
      + Cisco Small Business RV130W Wireless-N Multifunction VPN Router
      + Cisco Small Business RV132W ADSL2+ Wireless-N VPN Router
      + Cisco Small Business RV134W VDSL2 Wireless-AC VPN Router
      + Cisco Small Business RV180W Wireless-N Multifunction VPN Router
      + Cisco Small Business RV215W Wireless-N VPN Router
      + Cisco Small Business RV220W Wireless Network Security Firewall
      + Cisco Small Business RV340W Dual WAN Gigabit Wireless AC VPN Router
      + Cisco WRP500 Wireless-AC Broadband Router

    Voice and Unified Communications Devices
      + Cisco Unified IP Phone 9971
      + Cisco Unified Wireless IP Phone 7925/7926

    Wireless
      + Cisco Aironet 1130 Series Access Points running Cisco IOS Software
      + Cisco Aironet 1240 Series Access Points running Cisco IOS Software
      + Cisco Aironet 1310 series Access Points running Cisco IOS Software
      + Cisco Aironet 600 Series OfficeExtend Access Point
      + Cisco Aironet Access Points running Cisco IOS Software - Client/
        Supplicant/Workgroup bridge mode
      + Cisco Wireless LAN Controller - Controller itself


Details

  * The following vulnerabilities were disclosed in the paper:

    Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols
    - pairwise key reinstallation during the 4-way handshake vulnerability

    A vulnerability in the processing of the 802.11i 4-way handshake messages
    of the WPA and WPA2 protocols could allow an unauthenticated, adjacent
    attacker to force a supplicant to reinstall a previously used pairwise key.

    The vulnerability is due to ambiguities in the processing of associated
    protocol messages. An attacker could exploit this vulnerability by
    establishing a man-in-the-middle position between supplicant and
    authenticator and retransmitting previously used message exchanges between
    supplicant and authenticator.

    This vulnerability has been assigned the following CVE ID: CVE-2017-13077

    Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols
    - group key reinstallation during the 4-way handshake vulnerability

    A vulnerability in the processing of the 802.11i 4-way handshake messages
    of the WPA and WPA2 protocols could allow an unauthenticated, adjacent
    attacker to force a supplicant to reinstall a previously used group key.

    The vulnerability is due to ambiguities in the processing of associated
    protocol messages. An attacker could exploit this vulnerability by
    establishing a man-in-the-middle position between supplicant and
    authenticator and retransmitting previously used message exchanges between
    supplicant and authenticator.

    This vulnerability has been assigned the following CVE ID: CVE-2017-13078

    Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols
    - integrity group key reinstallation during the 4-way handshake
    vulnerability

    A vulnerability in the processing of the 802.11i 4-way handshake messages
    of the WPA and WPA2 protocols could allow an unauthenticated, adjacent
    attacker to force a supplicant to reinstall a previously used integrity
    group key.

    The vulnerability is due to ambiguities in the processing of associated
    protocol messages. An attacker could exploit this vulnerability by
    establishing a man-in-the-middle position between supplicant and
    authenticator and retransmitting previously used message exchanges between
    supplicant and authenticator.

    This vulnerability has been assigned the following CVE ID: CVE-2017-13079

    Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols
    - group key reinstallation during the group key handshake vulnerability

    A vulnerability in the processing of the 802.11i group key handshake
    messages of the WPA and WPA2 protocols could allow an unauthenticated,
    adjacent attacker to force a supplicant to reinstall a previously used
    group key.

    The vulnerability is due to ambiguities in the processing of associated
    protocol messages. An attacker could exploit this vulnerability by
    establishing a man-in-the-middle position between supplicant and
    authenticator and retransmitting previously used message exchanges between
    supplicant and authenticator.

    This vulnerability has been assigned the following CVE ID: CVE-2017-13080

    Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols
    - integrity group key reinstallation during the group key handshake
    vulnerability

    A vulnerability in the processing of the 802.11i group key handshake
    messages of the WPA and WPA2 protocols could allow an unauthenticated,
    adjacent attacker to force a supplicant to reinstall a previously used
    integrity group key.

    The vulnerability is due to ambiguities in the processing of associated
    protocol messages. An attacker could exploit this vulnerability by
    establishing a man-in-the-middle position between supplicant and
    authenticator and retransmitting previously used message exchanges between
    supplicant and authenticator.

    This vulnerability has been assigned the following CVE ID: CVE-2017-13081

    Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols
    - pairwise key reinstallation during the Fast BSS Transition (FT) handshake
    vulnerability

    A vulnerability in the processing of the 802.11r Fast BSS (Basic Service
    Set) Transition handshake messages of the WPA and WPA2 protocols could
    allow an unauthenticated, adjacent attacker to force an authenticator to
    reinstall a previously used pairwise key.

    The vulnerability is due to ambiguities in the processing of associated
    protocol messages. An attacker could exploit this vulnerability by
    passively eavesdropping on an FT handshake, and then replaying the
    reassociation request from the supplicant to the authenticator.

    This vulnerability has been assigned the following CVE ID: CVE-2017-13082

    Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols
    - station-to-station link (STSL) Transient Key (STK) reinstallation during
    the PeerKey handshake vulnerability

    A vulnerability in the processing of the 802.11 PeerKey handshake messages
    of the WPA and WPA2 protocols could allow an unauthenticated, adjacent
    attacker to force an STSL to reinstall a previously used STK.

    The vulnerability is due to ambiguities in the processing of associated
    protocol messages. An attacker could exploit this vulnerability by
    establishing a man-in-the-middle position between the stations and
    retransmitting previously used messages exchanges between stations.

    This vulnerability has been assigned the following CVE ID: CVE-2017-13084

    The following vulnerabilities, while not disclosed in the paper, were also
    found during the same research cycle:

    Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key reinstallation in the
    TDLS handshake

    A vulnerability in the processing of the 802.11z (Extensions to Direct-Link
    Setup) TDLS handshake messages could allow an unauthenticated, adjacent
    attacker to force a supplicant that is compliant with the 802.11z standard
    to reinstall a previously used TPK key.

    The vulnerability is due to ambiguities in the processing of associated
    protocol messages. An attacker could exploit this vulnerability by
    passively eavesdropping on a TDLS handshake and retransmitting previously
    used message exchanges between supplicant and authenticator.

    This vulnerability has been assigned the following CVE ID: CVE-2017-13086

    Group key (GTK) reinstallation when processing a Wireless Network
    Management (WNM) Sleep Mode Response frame

    A vulnerability in the processing of the 802.11v (Wireless Network
    Management) Sleep Mode Response frames could allow an unauthenticated,
    adjacent attacker to force a supplicant that is compliant with the 802.11v
    standard to reinstall a previously used group key.

    The vulnerability is due to ambiguities in the processing of associated
    protocol messages. An attacker could exploit this vulnerability by
    passively eavesdropping and retransmitting previously used WNM Sleep Mode
    Response frames.

    This vulnerability has been assigned the following CVE ID: CVE-2017-13087

    Integrity group key (IGTK) reinstallation when processing a Wireless
    Network Management (WNM) Sleep Mode Response frame

    A vulnerability in the processing of the 802.11v (Wireless Network
    Management) Sleep Mode Response frames could allow an unauthenticated,
    adjacent attacker to force a supplicant that is compliant with the 802.11v
    standard to reinstall a previously used integrity group key.

    The vulnerability is due to ambiguities in the processing of associated
    protocol messages. An attacker could exploit this vulnerability by
    passively eavesdropping and retransmitting previously used WNM Sleep Mode
    Response frames.

    This vulnerability has been assigned the following CVE ID: CVE-2017-13088

    Note: Fixes should be installed on both affected access points and wireless
    clients for a complete solution. Installing a fixed software release on an
    affected access point will fix that particular device, but will not prevent
    exploitation of any vulnerabilities affecting a wireless client. The
    converse is also true: installing a fix on a wireless client would fix that
    particular device, but would not prevent exploitation of any
    vulnerabilities affecting an access point. For a complete solution, both
    affected wireless access point and wireless clients should be updated, if
    vulnerable, to a fixed software release.

Workarounds

  * Workaround for CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
    CVE-2017-13080, and CVE-2017-13081

    Limiting the maximum number of Extensible Authentication Protocol (EAP)
    over LAN (EAPoL) key retries to 0 has been determined to be a valid
    workaround for these vulnerabilities. Setting the EAPoL retries value to 0
    means one message will be sent, there will be no retransmissions sent, and
    if the EAPoL timeout is exceeded the client will be removed.

    This workaround can be configured at the global level or at the individual
    wireless LAN (WLAN) level. Please note that the option to configure this
    workaround at the WLAN level is only available on Cisco WLC releases 7.6
    and later. Previous releases only allow configuration at the global (all
    WLANs) level.

    In order to configure this workaround at the global level (for all WLANs),
    use the following command in the WLC CLI:

        config advanced eap eapol-key-retries 0

    The command show advanced eap can be used to verify the configuration
    change is now active on the device (in bold on the following example
    output):


        (wlc-hostname)> show advanced eap
        EAP-Identity-Request Timeout (seconds)........... 30
        EAP-Identity-Request Max Retries................. 2
        EAP Key-Index for Dynamic WEP.................... 0
        EAP Max-Login Ignore Identity Response........... enable
        EAP-Request Timeout (seconds).................... 30
        EAP-Request Max Retries.......................... 2
        EAPOL-Key Timeout (milliseconds)................. 1000
        EAPOL-Key Max Retries............................ 0
        EAP-Broadcast Key Interval....................... 120


    In order to configure this workaround for a specific WLAN, the following
    two commands should be entered in the WLC CLI:

        config wlan security eap-params enable WLAN-NUMBER
        config wlan security eap-params eapol-key-retries 0 WLAN-NUMBER

    Both commands must be entered and WLAN-NUMBER should be replaced with the
    actual WLAN number. In the following example, the workaround is being
    implemented on WLAN number 24:

        config wlan security eap-params enable 24
        config wlan security eap-params eapol-key-retries 0 24


    The command show wlan WLAN-NUMBER (where WLAN-NUMBER is replaced with the
    appropriate WLAN number) can be used then to verify the configuration
    change is now active on the device (in bold on the following example
    output):

        (wlc-hostname)> show wlan 24
        WLAN Identifier.................................. X
        Profile Name..................................... ftpsk
        Network Name (SSID).............................. ftpsk
        .
        .
        .
          Tkip MIC Countermeasure Hold-down Timer....... 60
          Eap-params.................................... Enabled
             EAP-Identity-Request Timeout (seconds)..... 30
             EAP-Identity-Request Max Retries........... 2
             EAP-Request Timeout (seconds).............. 30
             EAP-Request Max Retries.................... 2
             EAPOL-Key Timeout (milliseconds)........... 1000
             EAPOL-Key Max Retries...................... 0


    Note: Implementing the previous workaround may have a negative impact on
    normal wireless client association to the access point in the following
    scenarios:
      + Clients that are slow or may drop initial processing of EAPoL message
        number 1 (M1). This is seen on some embedded/CPU-limited clients, which
        may receive the M1 and not be ready to process it after the 802.1x 
        authentication phase.
      + Environments with RF (Radio Frequency) interference or a WAN connection
        between the access point (AP) and the WLC, which may result in packet
        drops at some point on transmission towards clients.
    In either scenario the outcome would be an EAPoL exchange failure and the
    wireless client will lose its authentication, requiring it to restart the
    association/authentication processes.

    Workaround for CVE-2017-13082

    For customers who are concerned about CVE-2017-13082 (Accepting a
    Retransmitted FT Reassociation Request and Reinstalling the Pairwise Key
    While Processing It), the workaround is as follows:
      + If no interactive applications such as Voice over IP (VoIP) or video
        are being used on the network, you can disable 11r support on the
        access point.
      + If VoIP applications are in use but the supplicants support CCKM (for
        example, Cisco Wireless Phones), you can disable 11r support and
        reconfigure the clients to use CCKM (Cisco Centralized Key Management),
        which should provide a similar roaming experience.
    Note: Disabling 11r support may have negative performance and availability
    impact on the network. Customers should verify that disabling 11r would not
    negatively impact their environment before performing such configuration
    change on their infrastructure devices.

    No workarounds have been identified for CVE-2017-13086, CVE-2017-13087, or
    CVE-2017-13088. Any future workarounds that address these vulnerabilities
    will be documented in the respective Cisco bugs, which are accessible
    through the Cisco Bug Search Tool.

Fixed Software

  * 
    Updates for affected software releases will be published when they are
    available and information about those updates will be documented in Cisco
    bugs, which are accessible through the Cisco Bug Search Tool.

    When Cisco releases software updates that address these vulnerabilities,
    customers may only install and expect support for software versions and
    feature sets for which they have purchased a license. By installing,
    downloading, accessing, or otherwise using such software upgrades,
    customers agree to follow the terms of the Cisco software license:
    http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Software Availability for Cisco Wireless Access Points

    Unified Wireless Networks using Cisco Wireless LAN Controllers (WLC) and
    wireless networks using Mobility Express

    First fixed release availability is as follows:


               8.0.152.0: available now
               8.2.166.0: available now
    CSCvg42682 8.3.133.0: available now
               8.5.105.0: available now
               8.6.100.0: TBD
               8.2.166.0: available now
    CSCvg10793 8.3.133.0: available now
               8.5.105.0: available now
               8.6.100.0: TBD



    Note: 8.0-based WLC software does not support the Cisco Wireless Access
    Points affected by CSCvg10793. Fixes for CSCvg10793 will not be included in
    8.0-based software releases.

    Note: Previously published software Release 8.3.131.0 contains fixes for
    CSCvg10793 only and does not include fixes for CSCvg42682. Customers whose
    deployments are entirely composed of Wave 2 (AP-COS) wireless access points
    can download and deploy Release 8.3.131.0 or 8.3.132.0 (or later) to fix
    CVE-2017-13082. Customers whose deployments include a mix of devices, some
    affected by CSCvg42682 (i.e., running Cisco IOS Software) and some affected
    by CSCvg10793 (i.e., Wave 2/AP-COS devices), or customers whose deployments
    only include devices affected by CSCvg42682 should instead download and
    install Release 8.3.132.0 or later (if running an 8.3-based release) or any
    of the previously listed releases for a complete solution.

    Note: As of October 25, 2017, all published 8.3.13x.0 releases are impacted
    by Cisco bug ID CSCvf87731. Customers should work with their support
    provider to determine if this bug may impact their deployment and if they
    should postpone a software upgrade until a fix becomes available.

    Converged Wireless Networks using Cisco Catalyst 3650 Series Switches,
    Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Supervisor Engine
    8E, or Cisco 5760 Wireless LAN Controller

    Releases 3.6.7bE and 16.3.5b

    Autonomous Access Points

    Releases 15.3(3)JC14 and later, 15.3(3)JD11 and later, and 15.3(3)JF1 and
    later.


Exploitation and Public Announcements

  * The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  * These vulnerabilities were reported to Cisco by Dr. Mathy Vanhoef, PhD.
    Cisco would like to thank Dr. Vanhoef and Prof. Frank Piessens, both from
    Katholieke Universiteit Leuven, for their continued help and support during
    the handling of these vulnerabilities.

    Cisco would also like to thank John Van Boxtel from Cypress Semiconductor
    Corp, who identified an additional attack vector into CVE-2017-13077.

    Cisco collaborated with The Industry Consortium for Advancement of Security
    on the Internet (ICASI) during the investigation and disclosure of these
    vulnerabilities. More information can be found at http://www.icasi.org/
    wi-fi-protected-access-wpa-vulnerabilities.

Cisco Security Vulnerability Policy

  * To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  * Subscribe

Action Links for This Advisory

  * Snort Rule 44640

URL

  * https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20171016-wpa

Revision History

  * 
    +-----------------------------------------------------------------------------+
    | Version |     Description     |    Section     | Status  |       Date       |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated first fixed |                |         |                  |
    | 2.8     | release information | Vulnerable     | Final   | 2017-December-14 |
    |         | for multiple        | Products       |         |                  |
    |         | products.           |                |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated list of     | Products Under |         |                  |
    |         | products under      | Investigation, |         |                  |
    | 2.7     | investigation and   | Vulnerable     | Final   | 2017-November-28 |
    |         | vulnerable          | Products       |         |                  |
    |         | products.           |                |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated fix         |                |         |                  |
    | 2.6     | availability        | Vulnerable     | Final   | 2017-November-20 |
    |         | information for SMB | Products       |         |                  |
    |         | products.           |                |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated the fixed   |                |         |                  |
    | 2.5     | release information | Fixed Software | Final   | 2017-November-15 |
    |         | for Autonomous      |                |         |                  |
    |         | Access Points.      |                |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         |                     | Heading,       |         |                  |
    |         | Updated information | Summary,       |         |                  |
    |         | for vulnerable and  | Affected       |         |                  |
    |         | non-vulnerable      | Products,      |         |                  |
    | 2.4     | products, and fixed | Vulnerable     | Final   | 2017-November-14 |
    |         | software. Changed   | Products,      |         |                  |
    |         | the advisory status | Products       |         |                  |
    |         | to "Final."         | Confirmed Not  |         |                  |
    |         |                     | Vulnerable,    |         |                  |
    |         |                     | Fixed Software |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated information | Products Under |         |                  |
    |         | for vulnerable and  | Investigation, |         |                  |
    |         | non-vulnerable      | Vulnerable     |         |                  |
    | 2.3     | products, and       | Products,      | Interim | 2017-November-03 |
    |         | products under      | Products       |         |                  |
    |         | investigation.      | Confirmed Not  |         |                  |
    |         | Updated metadata.   | Vulnerable     |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Added additional    | Summary,       |         |                  |
    |         | workarounds.        | Products Under |         |                  |
    |         | Updated fixed       | Investigation, |         |                  |
    |         | software            | Vulnerable     |         |                  |
    | 2.2     | availability        | Products,      | Interim | 2017-October-25  |
    |         | information,        | Products       |         |                  |
    |         | vulnerable and      | Confirmed Not  |         |                  |
    |         | non-vulnerable      | Vulnerable,    |         |                  |
    |         | product lists.      | Workarounds,   |         |                  |
    |         |                     | Fixed Software |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated Fixed       |                |         |                  |
    |         | Software section    |                |         |                  |
    |         | based on additional |                |         |                  |
    | 2.1     | software fixes now  | Summary, Fixed | Interim | 2017-October-23  |
    |         | available for       | Software       |         |                  |
    |         | wireless access     |                |         |                  |
    |         | points. Updated     |                |         |                  |
    |         | Summary.            |                |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated fix         |                |         |                  |
    |         | information for     | Heading,       |         |                  |
    |         | devices running     | Summary,       |         |                  |
    | 2.0     | Cisco IOS Software. | Vulnerable     | Interim | 2017-October-20  |
    |         | Updated Vulnerable  | Products,      |         |                  |
    |         | Products, Fixed     | Fixed Software |         |                  |
    |         | Software and        |                |         |                  |
    |         | Summary.            |                |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated fix         |                |         |                  |
    | 1.5     | information for bug | Fixed Software | Interim | 2017-October-19  |
    |         | CSCvg10793.         |                |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated the         |                |         |                  |
    |         | non-vulnerable      |                |         |                  |
    |         | products with       |                |         |                  |
    |         | information about   |                |         |                  |
    |         | mesh networks and   | Vulnerable     |         |                  |
    |         | 12.4 IOS releases,  | Products,      |         |                  |
    | 1.4     | updated Fixed       | Non-Vulnerable | Interim | 2017-October-19  |
    |         | Software section,   | Products,      |         |                  |
    |         | Updated Vulnerable  | Fixed Software |         |                  |
    |         | Products section    |                |         |                  |
    |         | with First Fixed    |                |         |                  |
    |         | Release             |                |         |                  |
    |         | information.        |                |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated the Summary |                |         |                  |
    |         | section. Updated    |                |         |                  |
    |         | information for     | Summary,       |         |                  |
    |         | vulnerable          | Affected       |         |                  |
    | 1.3     | products. Added     | Products,      | Interim | 2017-October-18  |
    |         | section to assess   | Vulnerable     |         |                  |
    |         | wireless            | Products       |         |                  |
    |         | deployments for     |                |         |                  |
    |         | CVE-2017-13082.     |                |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated information | Vulnerable     |         |                  |
    |         | for vulnerable and  | Products,      |         |                  |
    |         | non-vulnerable      | Non-Vulnerable |         |                  |
    |         | products, and       | Products,      |         |                  |
    | 1.2     | products under      | Products Under | Interim | 2017-October-17  |
    |         | investigation.      | Investigation, |         |                  |
    |         | Updated the Details | Fixed          |         |                  |
    |         | and Fixed Software  | Software, and  |         |                  |
    |         | sections.           | Details        |         |                  |
    |         |                     | sections.      |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    |         | Updated information | Vulnerable     |         |                  |
    |         | for vulnerable and  | Products,      |         |                  |
    | 1.1     | non-vulnerable      | Non-vulnerable | Interim | 2017-October-16  |
    |         | products, and       | Products and   |         |                  |
    |         | products under      | Products Under |         |                  |
    |         | investigation.      | Investigation  |         |                  |
    |---------+---------------------+----------------+---------+------------------|
    | 1.0     | Initial public      | ?              | Interim | 2017-October-16  |
    |         | release.            |                |         |                  |
    +-----------------------------------------------------------------------------+

- -------------------------------------------------------------------------------

Legal Disclaimer

  * THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
    OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR
    FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT
    OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES
    THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

    A standalone copy or paraphrase of the text of this document that omits the
    distribution URL is an uncontrolled copy and may lack important information
    or contain factual errors. The information in this document is intended for
    end users of Cisco products.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWjcJJox+lLeg9Ub1AQgAuQ//UhUyRLvgy4aYU6k7b1zwCDqEQt4jJMcv
jo5WlsF2zioaUqdTln3TGWmetX6P85uRiGI7G2jX/qNZIqItzfz4BUHMukj4gXTP
70xoDkRTdiBotv4UNILzMfIW8BGrjWB+umRz48v0zUph+yeOCIegYpWnxlqBRgWE
hkb5mXSjsfIL8h9fXeHPxcFfV4aLKsPeFv2DE/nv16fLY4hvUKJMIcsYZhB7w//7
o1W3ldmsBTcCJtUMzVC0hHf7xtNQFuC9THgx09QtnSNInnDKQ6tbHaUbkqlYLSae
jf8tO5EjX+EkzGpAqKbSZkLTqH2g3NSSnkvpDWKWanhCiwIBP5s6zF2BthvJZzLc
lUsBQFHWOVlmw3lm+QpvmUahGTuz5Kgf72uigkTGcykSZFNib7SSAZ0NwLIVgnk+
YHI8l69ULvScKfhQ6ijmBbAFCnUYJGSBczOTrYus3Hh2bJKXIJIQDMFA4kVrazvX
z0b1tImcSMJtOLDynxtbnFlL3IaBn54eM/jycLr1gW3zQHlVhkOVs4Yl/4ntVjaC
lbSNnZkOXY0l6PdsBwIOG7NPp62gRXWkEG/Jtmd0SOc/mB8xCtdeltIpb0QqjfW2
9u0Bwe+uSUTD4PS+NVeNBLuhW6v7cj6iXGvqULbcxA2T0+NRu5J7PlD+9NqVg7zk
VmhnoGwrDxU=
=OtPY
-----END PGP SIGNATURE-----

« Back to bulletins