Create Case

VN-2020-001 - Wireless "Kr00K" Security Advisory

  • Article Type:
  • Vulnerability Notice
  • Article Number:
  • 000045886
  • Last Modified:
  • 6/2/2020

Vulnerability Summary

 
A new vulnerability affecting Broadcom wireless chips has been released by security researchers from ESET. This vulnerability has been given the name "Kr00k" and is being tracked as CVE-2019-15126. The CVSS score is 3.1 (low), but significant media attention has been given to this vulnerability due to the breadth of devices that are potentially impacted. The vulnerability itself involves a static hard-coded encryption key of all zeroes leading to potential information disclosure for a limited set of WiFI traffic.

Products Potentially Affected

 
HiveOS 10.0r8 and 8.2r6 - vulnerable, but will be fixed in 10.0r8a and 8.2.r7 respectively
HiveOS 6.5r12 - vulnerable on the AP130, AP230 and AP1130 only but EOL on these models and customers should upgrade to 8.2r7 or 10.0r8a when released.

HiveOS 10.1r3 March 2020
HiveOS 10.1r5 June 2020
HiveOS 8.2r7 April 2020
HiveOS 10.0r8a June 2020

AP305C/AP410C HiveOS 10.1r3
AP650/AP510C will be 10.0r9a or 10.1r5

WiNG 7.3.1 and onwards are not affected
WiNG 7.3.0 – WiNG 7.3.0.3 in April 2020
WiNG 7.2.1.8 will contain the patch - March 2020 (aligned with XCA 4.56.09)
WING 5.8 and 5.9 - vulnerable. Patch releases will be made as follows:
  • 5.8.6.12 in April 2020  (only for kr00k)
  • 5.9.1.9 on May 5, 2020 (only for kr00k)
  • 5.9.8.0 in April  2020
  • 5.9.3.5 on May 5, 2020
  • 5.9.4.3 on May 5, 2020
AP410i/e, AP460i/e - vulnerable fixed in WiNG 7.3.0.3
AP510i/e, AP560i/h - vulnerable  fixed in WiNG 7.2.1.8
AP8533, AP8432 – vulnerable fixed in WiNG 5.8 or WiNG 5.9 above
AP7532/AP7522/AP7562 - vulnerable fixed in WiNG 5.8 or WiNG 5.9 above
AP7622/02 - vulnerable is fixed in WiNG 5.9.8.0
AP3912/3915/3916/3917/3935/3965/7612/7632/7662/8163 - not affected
AP3801/3805/3825/3865- not affected

EOS APs
AP6532/22 – not affected

Impact Details

 

Repair Recommendations

 
Upgrading to patch releases is the best path to fixing the vulnerability. However, as noted above, Kr00k is a low-severity vulnerability, and most application layer traffic is also encrypted anyway independently of the WiFi layer. This helps to mitigate the risk, and is one reason the CVSS score is low.

Legal Notice

 
This advisory notice is provided on an “as is” basis and Extreme Networks makes no representations or warranties of any kind, expressly disclaiming the warranties of merchantability or fitness for a particular use. Use of the information provided herein or materials linked from this advisory notice is at your own risk. Extreme Networks reserves the right to change or update this document at any time, and expects to update this document as new information becomes available. The information provided herein is applicable to current Extreme Networks products identified herein and is not intended to be any representation of future functionality or compatibility with any third-party technologies referenced herein. This notice shall not change any contract or agreement that you have entered into with Extreme Networks.

Version Number

 

Feedback