Controllerless Networks

  • 1.  Aruba patches for new WiFi WPA2 vulnerability

    Posted Oct 16, 2017 07:48 PM

    Hi,

     

    I have a few Aruba IAP 225 and they have firmware version:

    6.4.2.6-4.1.1.6_50009

     

    I am new to Aruba and don't really understand how to read the version number and releases.

     

    Can someone tell me if this version is affected by the new WiFi WPA2 vulnerability (http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt)?

     

    With the firmware version that I have on my devices, do I look at ArubaOS 6.4 prior to 6.4.4.16 or Aruba Instant (all versions prior to 4.2.4.9) in the document from Aruba below?

     

    Title
    =====
    WPA2 Key Reinstallation Vulnerabilities
    
    
    Overview
    ========
    Common industry-wide flaws in WPA2 key management may allow an attacker to
    decrypt, replay, and forge some frames on a WPA2 encrypted network.  The
    accompanying FAQ document provides more extensive details.
    
    
    Affected Products
    =================
     -- ArubaOS (all versions prior to 6.3.1.25)
     -- ArubaOS 6.4 prior to 6.4.4.16
     -- ArubaOS 6.5.0.x
     -- ArubaOS 6.5.1 prior to 6.5.1.9
     -- ArubaOS 6.5.2.x
     -- ArubaOS 6.5.3 prior to 6.5.3.3
     -- ArubaOS 6.5.4 prior to 6.5.4.2
     -- ArubaOS 8.x prior to 8.1.0.4
     -- Aruba Instant (all versions prior to 4.2.4.9)
     -- Aruba Instant 4.3 prior to 4.3.1.6
     -- Aruba Instant 6.5.2 and 6.5.3 prior to 6.5.3.3
     -- Aruba Instant 6.5.4 prior to 6.5.4.2
     -- Clarity Engine 1.0
     -- HP 501 Wireless Client Bridge prior to 1.0.1.3
     -- Aruba 501 Wireless Client Bridge prior to 2.0.0.1
     -- Aruba AirMesh MSR series (all versions)

    Any help will be appreciated.

    Thanks so much!

     

     



  • 2.  RE: Aruba patches for new WiFi WPA2 vulnerability
    Best Answer

    Posted Oct 16, 2017 08:11 PM
     -- ArubaOS 6.4 prior to 6.4.4.16

    Yes 

     

    No you are not.  You are running Instant code.



  • 3.  RE: Aruba patches for new WiFi WPA2 vulnerability

    Posted Oct 16, 2017 10:27 PM

    Thanks Colin. So is it fair to say that my firmware is not affected by this vulnerability? Please confirm.

     

    Also, for future reference, for Aruba IAP 225 firmware version 6.4.2.6-4.1.1.6_50009, is my firmware Aruba Instant 6.4.2.6 or Aruba Instant 4.1.1.6?

     

    Appreciate your help.

    Thank you



  • 4.  RE: Aruba patches for new WiFi WPA2 vulnerability

    Posted Oct 18, 2017 02:12 AM

    Hi All,

     

    Code IAP 205 version 6.4.4.0-4.2.4 is affected by the WiFi WPA2 vulnerability.
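
For reference, an added example (not part of the thread and not Aruba's code) that checks a firmware string against the Aruba Instant rows of the advisory quoted in the first post. It assumes the string is laid out as `<ArubaOS base>-<Instant release>_<build>`, which the thread itself does not state, and it compares version components numerically rather than as text.

```python
import re

# Aruba Instant rows of ARUBA-PSA-2017-007 as quoted in the thread:
# (release-train prefix, first fixed version). The empty prefix is the
# "all versions prior to 4.2.4.9" row and must stay last.
INSTANT_RULES = [
    ((4, 3), (4, 3, 1, 6)),
    ((6, 5, 2), (6, 5, 3, 3)),
    ((6, 5, 3), (6, 5, 3, 3)),
    ((6, 5, 4), (6, 5, 4, 2)),
    ((), (4, 2, 4, 9)),
]

# Assumed layout (not stated in the thread): [<ArubaOS base>-]<Instant release>[_<build>]
VERSION_RE = re.compile(r"^(?:(\d+(?:\.\d+)*)-)?(\d+(?:\.\d+)*)(?:_(\d+))?$")


def _to_tuple(text, width=4):
    """Turn '4.2.4' into (4, 2, 4, 0) so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def parse_instant(firmware):
    """Return (arubaos_base or None, instant_release, build or None)."""
    match = VERSION_RE.match(firmware.strip())
    if not match:
        raise ValueError(f"unrecognised firmware string: {firmware!r}")
    base, instant, build = match.groups()
    return (_to_tuple(base) if base else None, _to_tuple(instant), build)


def instant_affected(firmware):
    """True if the Instant release falls in a row the advisory lists as affected."""
    _, instant, _ = parse_instant(firmware)
    for prefix, fixed in INSTANT_RULES:
        if instant[:len(prefix)] == prefix:
            return instant < fixed
    return False  # unreachable while the empty-prefix row is present


if __name__ == "__main__":
    # Firmware strings taken from the posts above.
    for fw in ("6.4.2.6-4.1.1.6_50009", "6.4.4.0-4.2.4"):
        print(fw, "->", "affected" if instant_affected(fw) else "not listed as affected")
```

Only the part after the hyphen is matched against the Instant rows; the part before it is ignored here because the best answer says the device runs Instant code, not ArubaOS.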