Products: Sierra Wireless GX400, GX440, GX450, MP70, oMG500, oMG2000, MG90, FX30, WP76xx, WP85xx

Please note: The vulnerability exists only on devices with Wi-Fi capabilities.

Date of issue: 17 October 2017

Recently published research has identified several vulnerabilities in the Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) standards. The following Common Vulnerabilities and Exposures (CVE) identifiers have been assigned to the vulnerabilities:

  • CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
  • CVE-2017-13078: reinstallation of the group key in the Four-way handshake
  • CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
  • CVE-2017-13080: reinstallation of the group key in the Group Key handshake
  • CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
  • CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
  • CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
  • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
  • CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
  • CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

 

Sierra Wireless would like to thank Mathy Vanhoef and Frank Piessens of the imec-DistriNet research group of KU Leuven for discovering and responsibly reporting this issue, as well as the efforts of CERT and ICASI for coordinating the response. For more information please refer to the links below:

 

Scope of Impact

The CVEs reported above affect 3 different modes of Wi-Fi operation when used in conjunction with WPA or WPA2 security:

  • Peer-to-Peer or “Adhoc” networking:
      o CVE-2017-13084
      o CVE-2017-13086

  • Access Point operation, specifically when the Fast Transition option is enabled (AP with FT)
      o CVE-2017-13082

  • Client operation
      o CVE-2017-13077
      o CVE-2017-13078
      o CVE-2017-13079
      o CVE-2017-13080
      o CVE-2017-13081
      o CVE-2017-13087
      o CVE-2017-13088

 

Affected Products

The following table lists the product impacts of the three groups of vulnerabilities listed above and the current state of remediation planning. This bulletin will be updated when firmware update release dates are finalized.

| Product | Vulnerability Impact: AdHoc | Vulnerability Impact: AP with FT | Vulnerability Impact: Client | Remediation Plan |
|---|---|---|---|---|
| GX400/440 (1) | N/A | N/A | Affected | To be advised |
| GX450 (1) | N/A | N/A | Affected | To be advised |
| MP70 | N/A | N/A | Affected | Upgrade to ALEOS 4.9 when available |
| oMG500/2000 | N/A | N/A | Affected | Upgrade to MGOS 3.14.6 when available |
| MG90 | N/A | N/A | Affected | Upgrade to MGOS 4.1.1 when available |
| FX30 (2) | Affected (4) | Affected (4) | Affected (4) | Upgrade to Legato 17.10 when available |
| WP76xx, WP85xx (3) | Affected (4) | Affected (4) | Affected (4) | Upgrade to Legato 17.10 when available |

(1) When equipped with a Wi-Fi X-Card

(2) When equipped with a Wi-Fi IoT Card

(3) When configured to manage a Wi-Fi radio

(4) If configured to operate in this mode

 

Mitigation Options

If you are using affected device functions, the best mitigation until the required firmware updates can be applied is to encrypt data traversing the vulnerable Wi-Fi link with a VPN or application-layer encryption. If this is not possible, users should evaluate the sensitivity of data transferred over the Wi-Fi connection and consider disabling the vulnerable functions until a firmware update can be applied.

Further Information

For further information and technical support, please contact your USAT Corp representative. To contact USAT Corp, please visit here.

 

 
