Cisco Warns 69 Products Impacted by KRACK (16 additional bugs, 4 high severity bugs)

[LASER_oneXM]

Cisco said Wednesday that multiple Cisco wireless products are vulnerable to the recently identified Key Reinstallation Attacks (KRACK).

On Monday, researchers revealed how the KRACK vulnerabilities plagued the WPA2 protocol used to secure all modern Wi-Fi networks. In their report, researchers demonstrated how the KRACK vulnerabilities can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty.

U.S. CERT advised users to patch immediately.

According to Cisco’s advisory, no patches are available at this time for the 10 KRACK-related CVEs. Cisco did list one workaround for a limited number of its products. For some older models of Cisco products, the company said “no fixes will be made available.”

“Among these 10 vulnerabilities, only one (CVE-2017-13082) may affect components of the wireless infrastructure (for example, Access Points), the other nine vulnerabilities affect only client devices,” Cisco wrote in its Security Advisory. The KRACK vulnerabilities are rated “high” in severity by Cisco.

On its bulletin, Cisco lists 69 impacted products affected by one or more KRACK bugs. The company said it’s still assessing 25 additional products to determine if those are impacted as well.

....see also: Cisco Security Advisories and Alerts

 

[ForgottenSeer 58943]

Cisco fails here, bad.

Fortinet RAP/WIDS/WIP blocked KRACK day one.

Fortnet firmware 5.6.1 and forward, blocked it day one.

Fortinet issued a patch on the 19th that blocked KRACK for devices on the 5.4.X firmware series.

Fortinet is backporting the fix for ALL of their devices going back many years to the 5.2.X series.

One has to wonder, is Cisco being lazy or are they purposely leaving these unpatched at the behest of someone abusing this exploit to compromise devices and networks?