Controllerless Networks

Reply
New Contributor

Aruba patches for new WiFi WPA2 vulnerability

Hi,

 

I have a few Aruba IAP 225 and they have firmware version:

6.4.2.6-4.1.1.6_50009

 

I am new to Aruba and don't really understand how to read the version number and releases.

 

Can someone tell me if this version is affected by the new Wifi WPA 2 vulnerability (http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt)

 

With the firmware version that I have on my devices, do I look at 

ArubaOS 6.4 prior to 6.4.4.16 or Aruba Instant (all versions prior to 4.2.4.9) in the document from Aruba below?

 

Title
=====
WPA2 Key Reinstallation Vulnerabilities


Overview
========
Common industry-wide flaws in WPA2 key management may allow an attacker to
decrypt, replay, and forge some frames on a WPA2 encrypted network.  The
accompanying FAQ document provides more extensive details.


Affected Products
=================
 -- ArubaOS (all versions prior to 6.3.1.25)
 -- ArubaOS 6.4 prior to 6.4.4.16
 -- ArubaOS 6.5.0.x
 -- ArubaOS 6.5.1 prior to 6.5.1.9
 -- ArubaOS 6.5.2.x
 -- ArubaOS 6.5.3 prior to 6.5.3.3
 -- ArubaOS 6.5.4 prior to 6.5.4.2
 -- ArubaOS 8.x prior to 8.1.0.4
 -- Aruba Instant (all versions prior to 4.2.4.9)
 -- Aruba Instant 4.3 prior to 4.3.1.6
 -- Aruba Instant 6.5.2 and 6.5.3 prior to 6.5.3.3
 -- Aruba Instant 6.5.4 prior to 6.5.4.2
 -- Clarity Engine 1.0
 -- HP 501 Wireless Client Bridge prior to 1.0.1.3
 -- Aruba 501 Wireless Client Bridge prior to 2.0.0.1
 -- Aruba AirMesh MSR series (all versions)

Any help will be appreciated.

Thanks so much!

 

 

Guru Elite

Re: Aruba patches for new WiFi WPA2 vulnerability

 -- ArubaOS 6.4 prior to 6.4.4.16

Yes 

 

No you are not.  You are running Instant code.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Aruba patches for new WiFi WPA2 vulnerability

Thanks Colin. So is it fair to say that my firmware is not affected by this vulnerability? Please confirm

 

Also, for future reference for Aruba IAP 225's firmware version 6.4.2.6-4.1.1.6_50009, 

my firmware is Aruba instant 6.4.2.6 ?? or Aruba instant 4.1.1.6 ? 

 

Appreciate your help.

Thank you

New Contributor

Re: Aruba patches for new WiFi WPA2 vulnerability

Hi All,

 

Code IAP 205 version 6.4.4.0-4.2.4 is affrecred with WiFi WPA2 vulnerability.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: