Vous êtes ici: index » cert » avis

Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Mon, 16 Oct 2017 16:45:52 +0200
Type : VULN
Sujet : CERT-Renater : 2017/VULN303 (Cisco : Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II)
===================================================================
                              CERT-Renater

                 Note d'Information No. 2017/VULN303
_____________________________________________________________________

DATE                : 16/10/2017

HARDWARE PLATFORM(S): Cisco wireless products.

OPERATING SYSTEM(S): Cisco wireless products software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
____________________________________________________________________

Cisco Security Advisory: Multiple Vulnerabilities in Wi-Fi Protected
Access and Wi-Fi Protected Access II

Advisory ID: cisco-sa-20171016-wpa

Revision: 1.0

For Public Release: 2017 October 16 14:00 GMT

Last Updated: 2017 October 16 14:00 GMT

CVE ID(s): CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

CVSS Score v(3): 4.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

+---------------------------------------------------------------------

Summary
=======
On October 16th, 2017, a research paper with the title of "Key
Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly
available. This paper discusses seven vulnerabilities affecting session
key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi
Protected Access II (WPA2) protocols. These vulnerabilities may allow
the reinstallation of a pairwise transient key, a group key, or an
integrity key on either a wireless client or a wireless access point.
Additional research also led to the discovery of three additional
vulnerabilities (not discussed in the original paper) affecting
wireless supplicant supporting either the 802.11z (Extensions to
Direct-Link Setup) standard or the 802.11v (Wireless Network
Management) standard. The three additional vulnerabilities could also
allow the reinstallation of a pairwise key, group key, or integrity
group key.

Multiple Cisco wireless products are affected by these vulnerabilities.

Cisco will release software updates that address these vulnerabilities.
There is a workaround that addresses the vulnerability in
CVE-2017-13082. There are no workarounds that address the other
vulnerabilities described in this advisory.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"]


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================

[An attachment of type application/pkcs7-signature was included here]