Kr00k wireless vulnerability

SOLVED
jbright
A model citizen

Kr00k wireless vulnerability

Cisco has identified 14 wireless devices so far that are vulnerable to the new Kr00k vulnerability (CVE-2019-15126)

 

https://www.bleepingcomputer.com/news/security/cisco-working-on-patches-for-new-kr00k-wifi-vulnerabi...

 

No mention of any Meraki wireless equipment yet.

 

Has anybody heard differently yet?

 

1 ACCEPTED SOLUTION
MerakiDave
Meraki Employee
Meraki Employee

@jbright just wanted to come back and close the loop on this one regarding kr00k (CVE ID: CVE-2019-15126, CVSSv3 Base Score: 3.1) that hit back in late February.  Meraki MR26, MR32, MR34 and MR72 and MX64W, MX65W use the impacted chips and are affected by this vulnerability.

More info here.

https://documentation.meraki.com/zGeneral_Administration/Privacy_and_Security/FullMAC_Wi-Fi_chipsets...

and 

https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

 

View solution in original post

17 REPLIES 17
MerakiDave
Meraki Employee
Meraki Employee

I have not heard any reports of Meraki APs being affected but will double check.  All of the recent and current APs do not use Broadcom or Cypress chipsets and are not vulnerable, but some of the older End-of-Sale APs had Broadcom, that's what I'll check on and get back to you.  

Yes, you right,

I also didn't face any vulnerability in our environment. And didn't get any update from Meraki side.

jbright
A model citizen

I was going to say, Meraki uses Qualcomm so they should not be affected
Nolan Herring | nolanwifi.com
TwitterLinkedIn
AlexanderN
Meraki Employee
Meraki Employee

This is being accessed by our Security Team. Updates to follow.

AlexanderN
Meraki Employee
Meraki Employee

Meraki is aware of the CVE-2019-15126 vulnerability (also commonly known as Kr00k). At this time, Meraki is evaluating the impact and the affected products (if any). We will provide updates as we make progress to ensure the security of our products.

AlexanderN
Meraki Employee
Meraki Employee

Update:

 

None of our orderable 802.11ac Wave 2 (MR20, MR33, MR30H, MR42, MR52, MR53, MR42E, MR53E, MR70, MR74, MR84) or 802.11ax (WiFi-6) Access Points (MR45, MR55, MR36, MR46, MR56) are susceptible to this vulnerability. 

 

Older APs not listed above may be affected, and more updates on those SKUs will be provided soon.

Thank you for the update @AlexanderN
Nolan Herring | nolanwifi.com
TwitterLinkedIn

Any further updates on other SKUs, @AlexanderN? Is there an official source for information on this issue?

Still in progress. We are in uncharted territory right now with the global coronavirus pandemic, so we should expect responses to/from other teams that are involved to be delayed. I hope you understand. Thanks.

AlexanderN
Meraki Employee
Meraki Employee

Cisco Meraki Customer Advisories page has been updated with the relevant information.

cmr
Kind of a big deal
Kind of a big deal

A quick summary:

 

WPA2 security can be bypassed on some devices.

 

For the MX64W and MX65W you need 15.28 to no longer be vulnerable.

 

For the MR26, MR32, MR34 and MR72 you need 26.8, which is due to be available in May.

 

Boy, am I glad we are in lockdown, we have ~30 affected devices and our corporate SSID currently uses WPA2!

MerakiDave
Meraki Employee
Meraki Employee

@jbright just wanted to come back and close the loop on this one regarding kr00k (CVE ID: CVE-2019-15126, CVSSv3 Base Score: 3.1) that hit back in late February.  Meraki MR26, MR32, MR34 and MR72 and MX64W, MX65W use the impacted chips and are affected by this vulnerability.

More info here.

https://documentation.meraki.com/zGeneral_Administration/Privacy_and_Security/FullMAC_Wi-Fi_chipsets...

and 

https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

 

Version 26.8 now available to upgrade. 

 

Looks like it's also the initial stable firmware for some unreleased access points too ... unless I've missed a webinar.

This is correct. Initial stable firmware for MR46E/MR76/MR86 upcoming APs 😎

 

AlexanderN
Meraki Employee
Meraki Employee

@jbright this thread should be good to close, I believe?


@AlexanderN wrote:

@jbright this thread should be good to close, I believe?


I'm going to go ahead and mark @MerakiDave's response as the solution for better visibility when people happen upon this thread. @jbright do let us know if you need any further info though!

Caroline S | Community Manager, Cisco Meraki
New to the community? Get started here
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels