Overview

A vulnerability in the WPA2 protocol has been discovered and could allow an attacker to read encrypted information. This attack affects all WPAWPA2 protected WI-Fi Networks as the vulnerability is with the Wi-Fi WPA/WPA2  standard and not any individual products or implementations.

The following CVE IDs have been assigned to document these vulnerabilities in the WPA/WPA2 protocol:

• CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
• CVE-2017-13078: reinstallation of the group key in the Four-way handshake
• CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
• CVE-2017-13080: reinstallation of the group key in the Group Key handshake
• CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
• CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
• CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
  
• CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
• CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
• CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

How this affects Sophos partners and customers

Sophos products affected:

• Sophos UTM Wireless
• Sophos Firewall Wireless
• Sophos Central Wireless

How this impacts Sophos

All Sophos wireless products are affected: Wireless Protection in XG Firewall, Sophos UTM  as well as Sophos Central Managed Wireless. Sophos will release patches as soon as they are made available.

Protections offered by Sophos products

The Wireless team is currently working on the necessary patch and after full implementation and testing on our solutions, we will be able to release a fix. This process can take a number of days.

The below list shows the scheduled patched version to correct the WPA/WPA2 vulnerability and expected release dates. All dates and version numbers are subject to change.

• Sophos UTM:
  • 9.5 SR 2 (9.505) : 2017-10-20
  • 9.4 SR 3 (9.415) : 2017-11-06
• Sophos Firewall:
  • v16.5 : 2017-10-20 (AP firmware)
  • v17.0: 2017-10-23
• Cloud Wireless: 2017-10-20 
• Cyberoam UTM: Cyberoam is not affected by this vulnerability
  

Recommended actions

• Apply patches as soon as they are available. Sophos will update this article whenever a patch is released to fix the vulnerability.
• Customers can reduce their exposure to the vulnerabilities by disabling the Fast Roaming options and disabling Mesh.
• Exposure to these vulnerabilities can be reduced by patching the wireless client or the access point. In most cases a patch for the wireless client will greatly reduce the chances of being attacked, even if the AP is still vulnerable.  Microsoft and many other vendor's have released patches that help block against these exploits. 

Related information

• Key Reinstallation Attacks, Breaking WPA2 by forcing nonce reuse
• Naked Security: Wi-Fi at risk from KRACK attacks – here’s what to do

Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.