Cisco Meraki releases firmware update for KRACK vulnerability

Home » Digital Transformation Rockstar Blog » Cisco Meraki releases firmware update for KRACK vulnerability
Back to Digital Transformation Rockstar Blog
Meraki Dashboard

Cisco Meraki releases firmware update for KRACK vulnerability

Blog, Cisco Meraki, Product news 0 Comments

Meraki has released a firmware patch to address a vulnerability called Key Reinstallation AttACK (KRACK) that affects customer networks who are actively using Fast Secure Roaming (a.k.a Fast BSS Transition, or FT). This particular vulnerability affects most wireless vendors including Cisco Meraki and targets FT capabilities inherent in the 802.11r protocol.

This vulnerability enables an attacker to get their hands on sensitive information exchanged between a client device and a wireless access point (AP) by replaying frames to an AP. Replayed frames aren’t accounted for when establishing a connection using FT. This allows an attacker to replay data sent to an AP, including sensitive encryption key data enabling that attacker to decrypt/forge wireless frames.

Affected customers can receive this patch via a seamless cloud update. Customers opting out are strongly encouraged to disable 802.11r on their networks. The latest, secure firmware version for most MR models are MR 24-11 while customers deploying MR33s, MR30Hs, or MR74s, must update to firmware version MR 25-7.

For more information on this firmware update, please visit Cisco Meraki’s blog.

Share this post

Author

Back to Digital Transformation Rockstar Blog