
Patches against fragattacks?

Yesterday researchers published quite a bunch of CVEs for the Wi-Fi protocol (FragAttacks: Security flaws in all Wi-Fi devices).

  • CVE-2020-24588: aggregation attack (accepting non-SPP A-MSDU frames).
  • CVE-2020-24587: mixed key attack (reassembling fragments encrypted under different keys).
  • CVE-2020-24586: fragment cache attack (not clearing fragments from memory when (re)connecting to a network).
  • CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network).
  • CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network).
  • CVE-2020-26140: Accepting plaintext data frames in a protected network.
  • CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network.
  • CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
  • CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
  • CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
  • CVE-2020-26142: Processing fragmented frames as full frames.
  • CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.

The researchers stated that they informed vendors nine months ago, and some vendors seem to have published patches for their products.

Are patches available for Sophos APs and APXs?

  1. We don't know yet if Sophos is even affected by it. Just because one vendor was vulnerable doesn't mean the next one is.

  2. There is a difference between informing, publishing information and patching, and they are not all in that order. Publishing vulnerabilities like this is not the first thing to happen; it's usually informing the security companies first, for secrecy's sake.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)
