US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
Extreme Networks will be offering a free, one-time download for ExtremeWireless and ExtremeWireless WiNG customers that are without a paid maintenance contract. This one-time download will provide access to an updated firmware release, but will not include additional warranty or support from Extreme Networks without a paid support contract. The firmware will be available on currently supported access point/controller models only. This one-time download will be available soon, and the link will be provided on this page when it becomes available.