This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Patches against fragattacks?

Yesterday researchers published quite a bunch of CVEs for the  Wi-Fi protocoll (FragAttacks: Security flaws in all Wi-Fi devices).

  • CVE-2020-24588: aggregation attack (accepting non-SPP A-MSDU frames).
  • CVE-2020-24587: mixed key attack (reassembling fragments encrypted under different keys).
  • CVE-2020-24586: fragment cache attack (not clearing fragments from memory when (re)connecting to a network).
  • CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network).
  • CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network).
  • CVE-2020-26140: Accepting plaintext data frames in a protected network.
  • CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network.
  • CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
  • CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
  • CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
  • CVE-2020-26142: Processing fragmented frames as full frames.
  • CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames

The researchers stated that they informed vendors nine month ago and some vendors seem to have published patches for their products.

Are Patches available for Sophos APs and APXs?



This thread was automatically locked due to age.
Parents
  • __________________________________________________________________________________________________________________

  • Hi

    To be honest: "We will update this page with new information as it becomes available." -> Really? When? On Christmas 2025?

    The Coordinated-Disclosure-Prozess has been worked trough by "security vendors" for 9 months (!). Maybe I shouldn't have trusted that Sophos (according to its own marketing promises) would be one of these security vendors. There ist already Information available from at least Arista Networks, Aruba, AVM, Cisco, Dell, Intel, Juniper, Lenovo, Lancom, Linksys, Netgear, Ruckus, Zyxel. Your support (Sophos Case ID 03985551) doesn't even know that this topic and link exists - and asked me for more information about the Problems I have with Sophos APs (and what FragAttack might be).
    To open a support case (again) was a waste of time, only.

    Our customers read various horror reports in the press and are concerned that they are using Soho's WiFi. Regardless of whether the worries are justified or not: Sophos does not support its partners and solves them while standing in the rain. Yet again! I feel sorry for all Sophos employees who are just as let down by their company as their partners and customers. It's nice that we can see how great and progressive Sophos is every week in marketing mode. Which technician still believes you?

    Still thanks for the link. Even if a "like" seems absurd at the moment. I would reconsider it.

    Cheers, Janbo

    ---

    janbo.noerskau@comedia.de UTM lover ;-)

Reply
  • Hi

    To be honest: "We will update this page with new information as it becomes available." -> Really? When? On Christmas 2025?

    The Coordinated-Disclosure-Prozess has been worked trough by "security vendors" for 9 months (!). Maybe I shouldn't have trusted that Sophos (according to its own marketing promises) would be one of these security vendors. There ist already Information available from at least Arista Networks, Aruba, AVM, Cisco, Dell, Intel, Juniper, Lenovo, Lancom, Linksys, Netgear, Ruckus, Zyxel. Your support (Sophos Case ID 03985551) doesn't even know that this topic and link exists - and asked me for more information about the Problems I have with Sophos APs (and what FragAttack might be).
    To open a support case (again) was a waste of time, only.

    Our customers read various horror reports in the press and are concerned that they are using Soho's WiFi. Regardless of whether the worries are justified or not: Sophos does not support its partners and solves them while standing in the rain. Yet again! I feel sorry for all Sophos employees who are just as let down by their company as their partners and customers. It's nice that we can see how great and progressive Sophos is every week in marketing mode. Which technician still believes you?

    Still thanks for the link. Even if a "like" seems absurd at the moment. I would reconsider it.

    Cheers, Janbo

    ---

    janbo.noerskau@comedia.de UTM lover ;-)

Children
No Data