Wireless Access

Reply

Re: WPA2 Vulnerability Discussion

Aruba Instant IAP 105 runs Aruba Instant 4.2.x at latest.

The applicable version with fixes for KRACK for the IAP-105 will be: 6.4.4.8-4.2.4.9. And that is also the only firmware that both runs on IAP-105 and has the fixes.

 

There can be some confusion in the version numbering as the Instant release is 4.2.4.9 [which is referred in the bulletin], which is based on ArubaOS 6.4.4.8, thus makes up the whole version number: 6.4.4.8-4.2.4.9.

 

Starting ArubaOS 6.5.2, there is no different versioning scheme anymore for Aruba Instant and it will follow the same version as the ArubaOS where it was based on. That is why you see some 4.x and some 6.x releases in the bulletin.

 

Hope this clarifies some of your questions.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Regular Contributor II

Re: WPA2 Vulnerability Discussion

Hi Guys

 

We have a controller on 6.5.0.3. What version is the best one for update against this ? 6.5.3.3

 

Regards

New Contributor

Re: WPA2 Vulnerability Discussion

Hi Herman,

 

Thank you very much for the clarification and quick response. This explains a lot more ;o)

 

Thank you for filling out the missing 1%, I'm now 100% sure.

 

Thanks!

KR,

Onno.

Contributor I

Re: WPA2 Vulnerability Discussion

Hi all,

 

I have instant and controllers.

 

Controllers runs version 6.4.2.4 and others 6.4.2.14. would be upgrade to 6.4.4.16 ? 

 

and instant ap running  6.5.0.0-4.3.0.0. Is this version affected? what is the version 6.5 or 4.3

 

Best Regards

Frequent Contributor II

Re: WPA2 Vulnerability Discussion


beconnect wrote:

Hi Guys

 

We have a controller on 6.5.0.3. What version is the best one for update against this ? 6.5.3.3

 

Regards


Any of these should work.

-- 6.5.1.9
 -- 6.5.3.3
 -- 6.5.4.2

Bruce Osborne - Wireless Engineer
ACCP, ACMP
Frequent Contributor II

Re: WPA2 Vulnerability Discussion


MrFrankie wrote:

Hi all,

 

I have instant and controllers.

 

Controllers runs version 6.4.2.4 and others 6.4.2.14. would be upgrade to 6.4.4.16 ? 

 

and instant ap running  6.5.0.0-4.3.0.0. Is this version affected? what is the version 6.5 or 4.3

 

Best Regards


Yes, controllers should run 6.4.4.16. We just upgraded early this morning,

For instant, either 6.5.3.3 or 6.5.4.2 should be OK.


Bruce Osborne - Wireless Engineer
ACCP, ACMP

Re: WPA2 Vulnerability Discussion


derek.m.ward wrote:

Was able to get version 6.5.4.2 installed on our 7030 and most APs came back up after a few minutes except for our 6 AP-215s.  They just keep power cycling.  I grabbed one and am looking at the logs, but I don't see anything that stands out.  Is anyone else having any issues with their APs?


This is not related to the WPA2 vulnerability thread, I suggest you post it in the Wireless Access forum and you will definitely get some help/traction there.

 

We want to keep this thread specifically related to the WPA2 vulnerability.

 

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Contributor I

Re: WPA2 Vulnerability Discussion

Hi all,

 

One question. 

 

Reading the FAQ i see this:

 

Sin título.png

this mean that controllers that acts as an authenticator is vulnerable only if 802.11r is enabled. In my controllers 802.11r is disabled... so need the controller be upgrade?

Moderator

Re: WPA2 Vulnerability Discussion


MrFrankie wrote:

Hi all,

 

One question. 

 

Reading the FAQ i see this:

 

Sin título.png

this mean that controllers that acts as an authenticator is vulnerable only if 802.11r is enabled. In my controllers 802.11r is disabled... so need the controller be upgrade?


If you do not have 802.11r enabled, and you are not using mesh, then you could safely wait a while longer to upgrade the controller.  But do pay attention to last week's advisories and make sure you're protected from those.

---
Jon Green, ACMX, CISSP
Security Guy
Moderator

Re: WPA2 Vulnerability Discussion

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: