cisco-sa-20200226-wi-fi-info-disclosure: Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability
First published: Thu Feb 27 2020(Updated: )
On February 26th, 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets. This vulnerability could allow an unauthenticated, adjacent attacker to decrypt Wi-Fi frames without the knowledge of the Wireless Protected Access (WPA) or Wireless Protected Access 2 (WPA2) Pairwise Temporal Key (PTK) used to secure the Wi-Fi network. The vulnerability exists because after an affected device handles a disassociation event it could send a limited number of Wi-Fi frames encrypted with a static, weak PTK. An attacker could exploit this vulnerability by acquiring these frames and decrypting them with the static PTK. A successful exploit could allow the attacker to decrypt Wi-Fi frames without the knowledge of the security session establishment used to secure the Wi-Fi network. Multiple Cisco wireless products are affected by this vulnerability. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
Credit: Security researchers Štefan Svorencík Robert Lipovsky ESET have reported this vulnerability to the Industry Consortium for Advancement of Security on the InternetCisco collaborated with ICASI during the investigation disclosure this vulnerability
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Products | ||
| Broadcom WiFi chipsets |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-20200226-wi-fi-info-disclosure?
The severity of cisco-sa-20200226-wi-fi-info-disclosure is classified as high due to the potential for unauthorized decryption of Wi-Fi traffic.
How do I fix cisco-sa-20200226-wi-fi-info-disclosure?
To fix cisco-sa-20200226-wi-fi-info-disclosure, ensure that firmware updates are applied to the affected Cisco Wireless products and Broadcom Wi-Fi chipsets as recommended by the manufacturers.
Who is affected by cisco-sa-20200226-wi-fi-info-disclosure?
cisco-sa-20200226-wi-fi-info-disclosure affects users of certain Cisco Wireless products and Broadcom Wi-Fi chipsets.
What type of attack is associated with cisco-sa-20200226-wi-fi-info-disclosure?
cisco-sa-20200226-wi-fi-info-disclosure is associated with unauthorized decryption attacks from adjacent unauthenticated attackers.
When was cisco-sa-20200226-wi-fi-info-disclosure disclosed?
cisco-sa-20200226-wi-fi-info-disclosure was disclosed on February 26, 2020.
- collector/cisco-advisory
- agent/type
- agent/author
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/severity
- agent/references
- agent/title
- agent/description
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco products
- vendor/broadcom
- canonical/broadcom wifi chipsets