Meraki

jbright · ‎Feb 27 2020

Cisco has identified 14 wireless devices so far that are vulnerable to the new Kr00k vulnerability (CVE-2019-15126)

https://www.bleepingcomputer.com/news/security/cisco-working-on-patches-for-new-kr00k-wifi-vulnerabi...

No mention of any Meraki wireless equipment yet.

Has anybody heard differently yet?

MerakiDave · ‎May 5 2020

@jbright just wanted to come back and close the loop on this one regarding kr00k (CVE ID: CVE-2019-15126, CVSSv3 Base Score: 3.1) that hit back in late February. Meraki MR26, MR32, MR34 and MR72 and MX64W, MX65W use the impacted chips and are affected by this vulnerability.

More info here.

https://documentation.meraki.com/zGeneral_Administration/Privacy_and_Security/FullMAC_Wi-Fi_chipsets...

and

https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

View solution in original post

MerakiDave · ‎Feb 27 2020

I have not heard any reports of Meraki APs being affected but will double check. All of the recent and current APs do not use Broadcom or Cypress chipsets and are not vulnerable, but some of the older End-of-Sale APs had Broadcom, that's what I'll check on and get back to you.

Prateek_1 · ‎Apr 28 2020

Yes, you right,

I also didn't face any vulnerability in our environment. And didn't get any update from Meraki side.

jbright · ‎Feb 27 2020

And here's the link to the Cisco announcement:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-d...

NolanHerring · ‎Feb 27 2020

I was going to say, Meraki uses Qualcomm so they should not be affected

Nolan Herring | nolanwifi.com

AlexanderN · ‎Feb 27 2020

This is being accessed by our Security Team. Updates to follow.

AlexanderN · ‎Mar 2 2020

Meraki is aware of the CVE-2019-15126 vulnerability (also commonly known as Kr00k). At this time, Meraki is evaluating the impact and the affected products (if any). We will provide updates as we make progress to ensure the security of our products.

AlexanderN · ‎Mar 6 2020

Update:

None of our orderable 802.11ac Wave 2 (MR20, MR33, MR30H, MR42, MR52, MR53, MR42E, MR53E, MR70, MR74, MR84) or 802.11ax (WiFi-6) Access Points (MR45, MR55, MR36, MR46, MR56) are susceptible to this vulnerability.

Older APs not listed above may be affected, and more updates on those SKUs will be provided soon.

NolanHerring · ‎Mar 6 2020

Thank you for the update @AlexanderN

Nolan Herring | nolanwifi.com

JoshBarfield · ‎Mar 16 2020

Any further updates on other SKUs, @AlexanderN? Is there an official source for information on this issue?

AlexanderN · ‎Mar 20 2020

Still in progress. We are in uncharted territory right now with the global coronavirus pandemic, so we should expect responses to/from other teams that are involved to be delayed. I hope you understand. Thanks.

AlexanderN · ‎Apr 23 2020

Cisco Meraki Customer Advisories page has been updated with the relevant information.

cmr · ‎Apr 28 2020

A quick summary:

WPA2 security can be bypassed on some devices.

For the MX64W and MX65W you need 15.28 to no longer be vulnerable.

For the MR26, MR32, MR34 and MR72 you need 26.8, which is due to be available in May.

Boy, am I glad we are in lockdown, we have ~30 affected devices and our corporate SSID currently uses WPA2!

If my answer solves your problem please click Accept as Solution so others can benefit from it.

MerakiDave · ‎May 5 2020

@jbright just wanted to come back and close the loop on this one regarding kr00k (CVE ID: CVE-2019-15126, CVSSv3 Base Score: 3.1) that hit back in late February. Meraki MR26, MR32, MR34 and MR72 and MX64W, MX65W use the impacted chips and are affected by this vulnerability.

More info here.

https://documentation.meraki.com/zGeneral_Administration/Privacy_and_Security/FullMAC_Wi-Fi_chipsets...

and

https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

AnythingHosted · ‎May 6 2020

Version 26.8 now available to upgrade.

Looks like it's also the initial stable firmware for some unreleased access points too ... unless I've missed a webinar.

AlexanderN · ‎May 6 2020

This is correct. Initial stable firmware for MR46E/MR76/MR86 upcoming APs 😎

AlexanderN · ‎May 6 2020

@jbright this thread should be good to close, I believe?

CarolineS · ‎May 6 2020

@AlexanderN wrote:

@jbright this thread should be good to close, I believe?

I'm going to go ahead and mark @MerakiDave's response as the solution for better visibility when people happen upon this thread. @jbright do let us know if you need any further info though!

Caroline S | Community Manager, Cisco Meraki
New to the community? Get started here

Meraki

Community

Kr00k wireless vulnerability

Kr00k wireless vulnerability