topic Re: Fragattacks in ExtremeCloud IQ

Fragattacks

dpanev — Wed, 12 May 2021 14:26:42 GMT

Hey Guys,

are extreme ap’s infected of this open door? If so, is there a workaround or a hotfix coming?

Regards,

Re: Fragattacks

StephanH — Wed, 12 May 2021 15:25:19 GMT

Hello,

in addition to dpanev's question, here is the background:

https://www.fragattacks.com/

Re: Fragattacks

schuert — Thu, 13 May 2021 02:16:57 GMT

Hi!

I second that. I’m using a bunch of c5215 controller and ap3935 access points and would really like to know if I’m affected, possible workarounds and if we can expect a security update for those.

Best regards

Re: Fragattacks

a_huerzeler — Thu, 13 May 2021 17:19:59 GMT

@Sam Pirok Would be great if Extreme could publish a communique how they will deal with the vulnerabilities published by https://twitter.com/vanhoefm https://www.fragattacks.com/ would be nice to have an official statement once customers start asking questions.

Re: Fragattacks

SamPirok — Thu, 13 May 2021 18:52:17 GMT

Hi guys, thanks for the mention, I just posted our vulnerability notice regarding the FragAttacks here:

Please let me know if you have additional questions and I’ll do my best to get you answers quickly.

Re: Fragattacks

StephanH — Thu, 13 May 2021 21:55:25 GMT

Hello @Sam Pirok,

in my opinion in the KB article referenced by you, Identifi products are missing in the table.

Re: Fragattacks

SamPirok — Fri, 14 May 2021 20:16:54 GMT

Thanks for letting me know @StephanH, I spoke with the IdentiFi team and they told me this is a typo. They are updating the notice now.

Re: Fragattacks

dpanev — Mon, 17 May 2021 18:44:19 GMT

The Articles only mentions ax and ac AP’s. What about 802.11n Release dates?

Re: Fragattacks

StephanH — Mon, 17 May 2021 18:52:30 GMT

Hello dpanev,

the Identifi pre ac APs are EoL since end of 2020. Therefore there will be no update.

Re: Fragattacks

dpanev — Mon, 17 May 2021 18:54:51 GMT

Okay thanks Stephan

Re: Fragattacks

adrian_stewart — Sun, 30 May 2021 03:53:52 GMT

Is there a release date for IQ Engine 10.3r3 for Wave 1 and Wave 2 AC (AP230 & AP250)?

Re: Fragattacks

SamPirok — Tue, 01 Jun 2021 20:45:59 GMT

Hey all, I’m told in the vulnerability notice that IdentiFi = ExtremeWireless. They are still working out whether or not ExtremeWireless products are affected by this issue.

The release for 10.3r3 is currently scheduled for early to mid month this month, barring any unforeseen set backs before then.

Re: Fragattacks

mfluechter — Thu, 10 Jun 2021 14:02:50 GMT

I’m a little bit confused that Extreme is still evaluating if some products are affected by these issues. Especially the older products like IdentiFi oder WLAN9100, which are still under service and for which they still receive money from customers for service and support…

Regarding https://www.fragattacks.com/ there was a 10 month disclosure period, managed by the WiFi-Alliance for manufacturers to test their equipment and produce patches. Extreme is Contributor in the WiFi-Alliance. So my colleagues, my boss and my customers, which are using these older stuff, and I are all asking ourselves one question: “What the hell did Extreme do in this period?”

Can someone from Extreme give me an official statement what had happened here exactly, that Extreme is still evaluating stuff and cannot give a clear statement if some products are affected by the CVEs? I mean, it’s not rocket science to test if a component is affected. The security engineer published a test-tool on GitHub. I’ve even tested my private equipment at home with it…

Re: Fragattacks

SamPirok — Sat, 19 Jun 2021 01:58:35 GMT

Hello all, thank you for your patience, our security team has updated the vulnerability notice today. Could you please let me know if the new additions address your questions? If not, please let me know and I’ll forward your questions on to the security team working on this.

Re: Fragattacks

markus_dach — Fri, 09 Jul 2021 15:59:58 GMT

Hi Sam, there is still no schedule for fixes on 38xx APs beside the 3805 model on the official vulnerability- notice page. When will patches for this series of APs (especially the 3825i/e series) be available?

Re: Fragattacks

SamPirok — Fri, 09 Jul 2021 22:05:02 GMT

Hi @markus.dach, I reached out to the security team with your question and I’m told there is an update coming later today that will address the 38xx AP plan. I’ll check back with you tomorrow to make sure that information covers what you’re looking for.

Re: Fragattacks

markus_dach — Tue, 13 Jul 2021 17:45:39 GMT

Hi Sam, thank you very much for your actions on this, do you have any new details? Ohter APs than the 3805 are still not mentioned in the schedule for hotfixes.

Re: Fragattacks

SamPirok — Tue, 13 Jul 2021 21:35:47 GMT

Hi @markus.dach, sorry for the delay there, the update went out this morning. The part I think you’re looking for specifically would be:

10.51.20 (38xx models) [End of July 2021]

Is that what you needed? If you need any further information please let me know and I’ll be happy to look in to it for you.

Re: Fragattacks

markus_dach — Wed, 14 Jul 2021 02:05:01 GMT

Thank you Sam, now the Article is also updated.

Re: Fragattacks

markus_dach — Fri, 06 Aug 2021 15:18:00 GMT

Hi Sam, now the Firmware 10.51.20 is released,

I’m wondering if all APs in the 38xx range are now fixed- in the release notes only the 3805 and 3825 models are mentioned, whats about the other models ( e.g. AP3865e )?:

Enhancements in 10.51.20.0003: wns0022969 Added Security Vulnerabilities (QCA) patch for AP 38xx (3805 & 3825) models

Are you able to check if all other models are also fixed?