Wireless Access

Reply
Moderator

Re: WPA2 Vulnerability Discussion

They are, unfortunately, having some problems getting the AP not to run out of memory (which is the reason the AP92/93 was end-of-lifed and capped at 4.1 software in the first place) after integrating a fix for a different security vulnerability.  It's definitely not getting ignored as I'm seeing numerous emails in my inbox about it, but I don't know how much longer it's going to take...

---
Jon Green, ACMX, CISSP
Security Guy
New Contributor

Re: WPA2 Vulnerability Discussion


We missed the AP92/93 in our patches - the engineering team is working on that right now.  It should not take too long.

 


Do you have an update on the planned firmware for the IAP 93?

Re: WPA2 Vulnerability Discussion

https://threatpost.com/apple-patches-krack-vulnerability-in-ios-11-1/128707/

Apple has patched it with iOS 11.1
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Moderator

Re: WPA2 Vulnerability Discussion


prettyflyforawifi wrote:

We missed the AP92/93 in our patches - the engineering team is working on that right now.  It should not take too long.

 


Do you have an update on the planned firmware for the IAP 93?


Alright - huge apologies for this one.  Something that was not supposed to take very long apparently ran into some big engineering challenges because in addition to the WPA2 concerns, we had to deal with some updated radio regulatory-related changes that I won't claim to understand, and it was pushing the bounds on the IAP92/93 memory.  But as of today, 6.4.2.6-4.1.3.5, which includes support for the IAP92/93, is available on the support website for download.  It hasn't been copied to the Lifetime Warranty tab yet but I sent in that request.

---
Jon Green, ACMX, CISSP
Security Guy
rds
New Contributor

Re: WPA2 Vulnerability Discussion

Hi,

 

 I have a cluster with 4 IAP-93 and 4 IAP-205 with firmware 6.4.2.6-4.1.3.0. I couldn't see firmware 6.4.2.6-4.1.3.5 in Lifetime Warranty Web Page, but after your post the VC detected it automatically.

 

 I selected the upgrade, but only IAP-205 upgraded meanwhile IAP-93 rebooted with reason out of memory. As IAP-93 started faster than IAP-205 one of them took the master role what provoked that IAP-205 rebooted again and downgraded to 6.4.2.6-4.1.3.0.

 

 Now I have again all the cluster in version 6.4.2.6-4.1.3.0, I wanted to know if someone was able to upgrade IAP-93 successfully.

 

 

Thanks,

Frequent Contributor II

Re: WPA2 Vulnerability Discussion


rds wrote:

Hi,

 

 I have a cluster with 4 IAP-93 and 4 IAP-205 with firmware 6.4.2.6-4.1.3.0. I couldn't see firmware 6.4.2.6-4.1.3.5 in Lifetime Warranty Web Page, but after your post the VC detected it automatically.

 

 I selected the upgrade, but only IAP-205 upgraded meanwhile IAP-93 rebooted with reason out of memory. As IAP-93 started faster than IAP-205 one of them took the master role what provoked that IAP-205 rebooted again and downgraded to 6.4.2.6-4.1.3.0.

 

 Now I have again all the cluster in version 6.4.2.6-4.1.3.0, I wanted to know if someone was able to upgrade IAP-93 successfully.

 

 

Thanks,


The fixed version closest to yours is 6.4.4.8-4.2.4.9. 

 

I suspect your version is no longer supported due to the additional patches in the newer version.


Bruce Osborne - Wireless Engineer
ACCP, ACMP
Moderator

Re: WPA2 Vulnerability Discussion


rds wrote:

Hi,

 


 Now I have again all the cluster in version 6.4.2.6-4.1.3.0, I wanted to know if someone was able to upgrade IAP-93 successfully.

 

 

Thanks,


The "out of memory" issue is the big problem with the IAP-92/93 and is why it took so long to get 4.1.3.5 released.  No matter what we do, it's going to be "on the edge".  Engineering's recommendation was to configure the 205 as the preferred master for the cluster and prevent the 92/93 from becoming the master.  They think that should allow it to run successfully.  That said... we know we're pushing up against the limits on that platform.

---
Jon Green, ACMX, CISSP
Security Guy
Frequent Contributor II

Re: WPA2 Vulnerability Discussion

It looks to me that the new verion of IAP92/93 software hit the Limited Warranty tab today.

Before that, only contract users had access.


Bruce Osborne - Wireless Engineer
ACCP, ACMP
rds
New Contributor

Re: WPA2 Vulnerability Discussion

Thank you jgreen,

 

 It is a real problem because we are limiting IAP-205 to an older firmware to make them compatible with IAP-93, but we can't remove IAP-93 either, they are working fine so far and they are not so old.

 

 We'll wait a couple of days to see if someone else was able to upgrade them. Today it took more than 20 minutes with several reboots to finally remain in the starting firmware.

 

Regards,

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: