Meraki

Community

SSID Confusion attack

gagan239
Just browsing
‎May 29 2024 12:56 PM
‎May 29 2024 12:56 PM

SSID Confusion attack

Hi,

I would like to know if Meraki has some taken any steps to mitigate this vulnerability.

 

We are:
- using WPA2 encryption and not WPA3
- using RADIUS authentication

 

I hope Meraki will release a patch to mitigate the vulnerability. Does anyone know or shed some light on the steps that Meraki is going to take or is advising the customers ?

0 Kudos
9 Replies 9
alemabrahao
Kind of a big deal
‎May 29 2024 12:58 PM
‎May 29 2024 12:58 PM

What vulnerability? Do you have the CVE?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
gagan239
Just browsing
‎May 29 2024 1:00 PM
‎May 29 2024 1:00 PM

SSID Confusion Attack WiFi Vulnerability (CVE-2023-52424)

0 Kudos
In response to gagan239
alemabrahao
Kind of a big deal
‎May 29 2024 1:06 PM
‎May 29 2024 1:06 PM

This CVE is from 2023, Meraki has probably already released the fix some time ago, as they frequently release new updates.

Have you already contacted support?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
RaphaelL
Kind of a big deal
Kind of a big deal
‎May 29 2024 1:13 PM
‎May 29 2024 1:13 PM

Doubt that Meraki has published a fix for that. The CVE was published this month.

0 Kudos
rhbirkelund
Kind of a big deal
Kind of a big deal
‎May 29 2024 2:10 PM
‎May 29 2024 2:10 PM

Without knowing exactly what the underlying mechanisms is in this specific CVE, from what I'm reading about it, it's simply an overall design flaw in the 802.11 standard.

It's always been there, and will always be there.

 

Basically it aims at tricking a user to associate to your malicious and less secure SSID (a honeypot) and eavesdrop on all your traffic.

 

If you really want to mitigate it, there's an easy fix.

 

Turn of all your WiFi and Access Points, and cable your devices to the network.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎May 29 2024 4:30 PM
‎May 29 2024 4:30 PM

It's a day old I doubt any vendor has patched it as it's still being analysed. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
Brash
Kind of a big deal
Kind of a big deal
‎May 29 2024 5:47 PM
‎May 29 2024 5:47 PM

There is no public bug or PSIRT for this vulnerability yet, given it's still pretty fresh.

Raise a support ticket for more information as they may already be investigating internally.

0 Kudos
IvanJukic
Meraki Employee
Meraki Employee
‎May 29 2024 5:58 PM
‎May 29 2024 5:58 PM

Hi @gagan239

 

 

NOTE: I DO NOT KNOW, THE FULL INS AND OUTS OF THIS VULNERABILITY.

 

That said, Meraki Air Marshal does have some level of mitigation from Rouge SSIDs. See below guide for further details.

 

https://documentation.meraki.com/MR/Monitoring_and_Reporting/Air_Marshal

 


Cheers,

Ivan Jukić,
Meraki APJC

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.
Paccers
Building a reputation
‎May 29 2024 8:20 PM
‎May 29 2024 8:20 PM

Original writeup came out a few weeks ago: https://www.top10vpn.com/research/wifi-vulnerability-ssid/

 

I wouldn't expect a fix to be released quickly, if at all!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.