Aruba Product Security Advisory
===============================
Advisory ID: ARUBA-PSA-2020-003
CVE: CVE-2019-15126
Publication Date: 2020-Mar-26
Status: Confirmed
Revision: 3

Title
=====
WPA and WPA2 Disassociation Vulnerability ("Kr00k")

Overview
========
A timing flaw in certain Wi-Fi chip firmware may allow an attacker to
decrypt a limited number of WPA2-encrypted frames using a known all-zero
key. Some Aruba products are affected by this vulnerability.

This is a preliminary advisory based on initial investigation; it will be
updated as new information becomes known.

Affected Products
=================
This vulnerability affects specific Aruba Wi-Fi access points running
Aruba Instant. These access points are not affected when operating under
the control of a Mobility Controller in the default tunnel mode, but are
affected if the access point is operating in local bridging mode,
distributed tunnel (Dtunnel) mode, or mesh mode.

The following Wi-Fi access points are affected:
- Aruba 2xx series
- AP-344/345
- AP-504/505
- AP-514/515

Other Aruba access points, including Instant On models, are not affected.

Details
=======
When APs handle a disassociation event for a Wi-Fi client, encryption keys
are deleted immediately and replaced by an all-zeros key. Further Wi-Fi
traffic is not accepted by the hardware for transmission, but traffic
already in the transmission queue is not flushed immediately. In the small
time window during disassociation processing, frames already buffered in
the hardware transmit queue will be encrypted using the all-zeros key and
then transmitted. An attacker monitoring this transmission could decrypt
those specific frames.

An attacker CANNOT:
- discover the original encryption key
- decrypt any other frames from the Wi-Fi session
- inject data frames
- cause buffer overflows
- corrupt memory
- execute arbitrary code on the AP
- decrypt higher-layer protocols such as SSL/TLS

Wi-Fi frames encrypted using the all-zeros key could be acquired through
one of two methods:
- Intentionally causing a disassociation by transmitting forged deauth
  frames to a Wi-Fi AP or client, and then capturing resulting
  transmissions
- Passively listening to a Wi-Fi session and capturing frames sent after a
  disassociation

Within the Aruba product family, only specific APs are affected by this
vulnerability, and only when using the AP's internal encryption hardware.
APs using a Broadcom Wi-Fi chipset (AP-2xx, AP-344/345, AP-504/505,
AP-514/515) are affected, only in one of the following configurations:
- Running Aruba Instant, or
- Running controller-based ArubaOS with an SSID configured in local
  bridging mode or distributed tunnel (Dtunnel) mode, or
- Running controller-based ArubaOS when configured in mesh mode.

The mesh link between mesh portal and mesh point is encrypted using the
AP's Wi-Fi chipset and is affected by this vulnerability. Client-serving
SSIDs are affected only if configured in local bridging or Dtunnel mode.

Customers using controller-based APs in the default "tunnel" mode are not
affected.

Severity: LOW
CVSSv3 Overall Score: 3.1
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Resolution
==========
This vulnerability is fixed in the following ArubaOS patch releases, which
will be available on the corresponding dates:

- 8.6.0.3  : Released
- 8.5.0.7  : Released
- 8.3.0.13 : 09 April 2020
- 8.2.2.9  : 12 June 2020
- 6.5.4.17 : 15 May 2020
- 6.4.4.23 : 10 April 2020

Discovery
=========
This vulnerability was discovered by researchers Miloš Čermák, Robert
Lipovský and Štefan Svorenčík.

Workarounds
===========
No workaround is available.

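The model, mode and version criteria above can be applied to an AP inventory as follows. This is an added example, not Aruba code: the inventory format, the mode keywords ("instant", "bridge", "dtunnel", "mesh", "tunnel") and the model-name pattern are assumptions, and release branches that the Resolution list does not name are flagged for review rather than judged.

```python
import re

# Fixed patch level per release branch, copied from the Resolution section.
FIXED_PATCH = {(8, 6, 0): 3, (8, 5, 0): 7, (8, 3, 0): 13,
               (8, 2, 2): 9, (6, 5, 4): 17, (6, 4, 4): 23}

# Affected hardware: 2xx series, AP-344/345, AP-504/505, AP-514/515.
# Assumption: names look like "AP-225" or "IAP-225", optional letter suffix.
AFFECTED_MODEL = re.compile(r"I?AP-(2\d\d|34[45]|50[45]|51[45])[A-Z]*")

# Modes in which the AP's own Wi-Fi chipset performs the encryption.
EXPOSED_MODES = {"instant", "bridge", "dtunnel", "mesh"}


def triage(model, mode, version):
    """Classify one AP against the advisory's model, mode and version criteria."""
    if not AFFECTED_MODEL.fullmatch(model.strip().upper()):
        return "not affected (model)"
    mode = mode.strip().lower()
    if mode == "tunnel":
        return "not affected (tunnel mode)"
    if mode not in EXPOSED_MODES:
        return "review (unknown mode)"  # fail safe instead of assuming tunnel
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){3}", version.strip()):
        return "review (unparsed version)"
    *branch, patch = (int(p) for p in version.strip().split("."))
    fixed = FIXED_PATCH.get(tuple(branch))
    if fixed is None:
        return "review (no fix listed for branch)"
    return "fixed" if patch >= fixed else "vulnerable"


# Constructed sample inventory: (name, model, mode, software version).
INVENTORY = [
    ("lobby-1", "AP-225", "instant", "8.5.0.6"),
    ("lobby-2", "AP-515", "bridge", "8.6.0.3"),
    ("lab-1", "AP-345", "tunnel", "8.3.0.10"),
    ("yard-1", "AP-505", "mesh", "8.4.0.2"),
    ("hall-1", "AP-315", "instant", "6.5.4.12"),
]


def report(inventory):
    """Return {ap_name: verdict} for every inventory row."""
    return {name: triage(model, mode, ver) for name, model, mode, ver in inventory}


if __name__ == "__main__":
    for name, verdict in report(INVENTORY).items():
        print(f"{name:8} {verdict}")
```
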
Exploitation and Public Discussion
==================================
This vulnerability is being widely discussed in public. Proof of concept
code has been developed, but has not been widely shared. A research paper
is available describing the vulnerability and attack technique.

Revision History
================
Revision 1 / 2020-Feb-28 / Initial release
Revision 2 / 2020-Mar-13 / Added target versions and dates in Resolution
Revision 3 / 2020-Mar-26 / Added 8.2.2.9 target version and updated
                           release dates in Resolution

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba
Networks products and obtaining assistance with security incidents is
available at:

http://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to
aruba-sirt(at)hpe.com. For sensitive information we encourage the use of
PGP encryption. Our public keys can be found at:

http://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2020 by Aruba, a Hewlett Packard Enterprise company.
This advisory may be redistributed freely after the release date given at
the top of the text, provided that the redistributed copies are complete
and unmodified, including all data and version information.