Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.140451 |
Category: | CISCO |
Title: | Cisco IP Phone 8861 Multiple WPA2 Vulnerabilities |
Summary: | Cisco IP Phone 8861 is prone to key reinstallation attacks against;WPA protocol. |
Description: | Summary: Cisco IP Phone 8861 is prone to key reinstallation attacks against WPA protocol. Vulnerability Insight: On October 16th, 2017, a research paper with the title of 'Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2' was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key. Vulnerability Impact: An attacker within the wireless communications range of an affected AP and client may leverage packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames. Solution: Update to version 12.0.1SR1 or later. CVSS Score: 5.4 CVSS Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-13077 Common Vulnerability Exposure (CVE) ID: CVE-2017-13078 Common Vulnerability Exposure (CVE) ID: CVE-2017-13079 Common Vulnerability Exposure (CVE) ID: CVE-2017-13080 Common Vulnerability Exposure (CVE) ID: CVE-2017-13081 Common Vulnerability Exposure (CVE) ID: CVE-2017-13086 Common Vulnerability Exposure (CVE) ID: CVE-2017-13087 Common Vulnerability Exposure (CVE) ID: CVE-2017-13088 |
Copyright | Copyright (C) 2017 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |