Products: Sierra Wireless GX400,GX440,GX450,MP70,oMG500,oMG2000, MG90, FX30, WP76/77xx,WPx5xx,AR8652,AR75xx

Date of issue: 15 January 2018

 

Recently published research has identified several vulnerabilities in the Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) standard. The following Common Vulnerability and Exposure (CVE) identifiers have been assigned to each of the vulnerabilities:

  • CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
  • CVE-2017-13078: reinstallation of the group key in the Four-way handshake
  • CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
  • CVE-2017-13080: reinstallation of the group key in the Group Key handshake
  • CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
  • CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
  • CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
  • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
  • CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
  • CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

 

 

Sierra Wireless would like to thank Mathy Vanhoef and Frank Piessens of the imec-DistriNet research group of KU Leuven for discovering and responsibly reporting this issue, as well as the efforts of CERT and ICASI for coordinating the response. For more information please refer to the links below:

 

Scope of Impact

The CVEs reported above affect 3 different modes of Wi-Fi operation when used in conjunction with WPA or WPA2 security:

  • Peer-to-Peer or “Adhoc” networking:

o CVE-2017-13084

o CVE-2017-13086

  • Access Point operation, specifically when the Fast Transition option is enabled (AP with FT)

o CVE-2017-13082

  • Client operation

o CVE-2017-13077 o CVE-2017-13078 o CVE-2017-13079 o CVE-2017-13080 o CVE-2017-13081 o CVE-2017-13087 o CVE-2017-13088

 

Affected Products

The following table lists the product impacts of the three groups of vulnerabilities listed above and the current state of remediation planning. This bulletin will be updated when firmware update release dates are finalized. Please visit https://sierrawireless.com/security for the latest information.

 

Product Vulnerability Impact Fix Version Target Release Date
AdHoc Access Point Client
GX400/4401 N/A NOT Affected Affected TBD TBD
GX4501 N/A NOT Affected Affected TBD TBD
MP70 N/A NOT Affected Affected ALEOS 4.9 Released on Dec 27, 2017
oMG500/2000 N/A NOT Affected Affected MGOS 3.14.6 Released on Oct 25, 2017
MG90 N/A NOT Affected Affected MGOS 4.1.2 Released on Dec 18, 2017
FX302 Affected 4 Affected 4 Affected 4 TBD TBD
WP76/77xx3 Affected 4 Affected 4 Affected 4 FW Release 7 Released on Dec 29, 2017
WPx5xx3 Affected 4 Affected 4 Affected 4 TBD TBD
AR8652, AR75xx3 Affected 4 Affected 4 Affected 4 TBD TBD

1When equipped with a Wi-Fi X-Card 2When equipped with a Wi-Fi IoT Card 3When configured to manage a Wi-Fi radio 4If configured to operate in this mode

 

Mitigation Options

If you are using affected device functions, the best mitigation until the required firmware updates can be applied is to encrypt data traversing the vulnerable Wi-Fi link with a VPN or application-layer encryption. If this is not possible users should evaluate the sensitivity of data transferred over the Wi-Fi connection and consider disabling the vulnerable functions until a firmware update can be applied.

Customers using Legato-based products (FX30, WP76xx, WPx5xx, AR8652, AR75xx) to manage Wi-Fi connectivity have the option to install the latest hostapd/wpa_supplicant patches if they need to update their products and cannot wait for Legato 17.10.

 

Questions / More Information Contact USAT:

 

For consultation on your next M2M / IoT project contact a USAT Representative

For all your M2M connectivity needs visit ExpressM2M a service of USAT

 

 

Share this Article..Email this to someoneShare on FacebookDigg thisTweet about this on TwitterShare on TumblrShare on StumbleUponShare on RedditPrint this pagePin on PinterestShare on LinkedInShare on Google+