On May 12, 2021, the researcher Mathy Vanhoef released a security advisory disclosing multiple medium severity CVEs for the 802.11 Wireless Network Specification, which is applicable to a wide variety of WiFi products. These vulnerabilities can be triggered by an adjacent attacker. If exploited, these vulnerabilities may lead to information disclosure under certain conditions, as well as unauthorized participation in a vulnerable network.
Sophos customers using any of the products mentioned below are impacted. If you are not using these products, you are not impacted.
Sophos is working on porting available patches to the impacted firmware versions for all of the products above.
XG(S) managed APX (APX120, APX320, APX530, APX740)
Addressed in APX Firmware 11.0.016
SG managed APX (APX120, APX320, APX530, APX740)
Planned for 9.7 MR8
XGS Integrated Wi-Fi and Optional Wi-Fi module
Addressed in SFOS v18.5 MR1
Central managed APX (APX120, APX320/X, APX530, APX740)
Central managed AP (AP100/C/X, AP55/C, AP15/C)
XG(S)/SG managed RED and SD-RED Wi-Fi
XG Integrated Wi-Fi and Optional Wi-Fi module v18.x
XG Integrated Wi-Fi and Optional Wi-Fi module v17.5
XG(S)/SG managed AP (AP100/C/X, AP55/C, AP15/C)
SG Integrated Wi-Fi and Optional Wi-Fi module
Sophos will update this page with the latest information as it becomes available.