Cisco plugs WPA2 holes, critical Cloud Services Platform flaw

Cisco has released updates to address vulnerabilities in a wide variety of its products. Among these are updates fixing the WPA2 vulnerabilities that can be exploited in the newly unveiled KRACK attacks, as well as a critical vulnerability affecting the company’s Cloud Services Platform.

The WPA2 flaws

Cisco is still working on finishing the list of its products that are affected by one or more of the ten vulnerabilities affecting WPA and WPA2 discovered by researcher Mathy Vanhoef.

“Among these ten vulnerabilities, only one (CVE-2017-13082) may affect components of the wireless infrastructure (for example, Access Points), the other nine vulnerabilities affect only client devices,” the company pointed out.

CVE-2017-13082 is also the only vulnerability for which there is a workaround, as it affects only deployments that support the fast BSS transition (FT) feature and have it enabled.

For the rest, Cisco has already pushed out security updates or is in the process of doing so. The list of affected devices – routers, IP phones, access points, endpoint clients and client software – is long, and customers should peruse it carefully and proceed with the patching – if a patch is available.

At the moment, the company’s Product Security Incident Response Team is not aware of any public announcements or malicious use of these vulnerabilities.

The Cloud Services Platform vulnerability

The vulnerability was discovered by Chris Day, a security consultant with MWR InfoSecurity, in the web console of the Cisco Cloud Services Platform (CSP) 2100.

The flaw could allow an authenticated, remote attacker to interact with the services or virtual machines operating remotely on an affected CSP device.

“The vulnerability is due to weaknesses in the generation of certain authentication mechanisms in the URL of the web console. An attacker could exploit this vulnerability by browsing to one of the hosted VMs’ URLs in Cisco CSP and viewing specific patterns that control the web application’s mechanisms for authentication control. An exploit could allow the attacker to access a specific VM on the CSP, which causes a complete loss of the system’s confidentiality, integrity, and availability,” the company specified.

There is no workaround for the flaw, so users are definitely advised to download and implement Cisco Cloud Services Platform Release 2.2.3 or later.

This vulnerability, too, according to the Cisco PSIRT’s knowledge, is not being actively exploited in the wild.

UPDATE (OCTOBER 20, 2017):
Cisco has updated their advisory regarding the WPA2 weaknesses, to say that “additional testing performed on October 20th, 2017 resulted in the discovery that the software fixes for CVE-2017-13082 on Cisco Access Points running Cisco IOS Software may not provide complete protection.”

They are working on new, complete fixes for these devices, but didn’t say when the new fixes can be expected to be ready.