cancel
Showing results for 
Search instead for 
Did you mean: 
SamPirok
Community Manager Community Manager
Community Manager

A set of new vulnerabilities known as “FragAttacks” has been announced and these vulnerabilities affect WiFi communications and implementations. Broadly speaking, there are a total of 12 vulnerabilities, and three of them affect the WiFi design standard itself whereas the others affect specific implementations. Although CVSS scoring is not available yet as of this writing, it is likely the design flaws are the most serious and will require patches across nearly every WiFi implementation. The other vulnerabilities may also impact WiFi products, but these will be more limited in nature. The original source of information on FragAttacks can be found here: https://www.fragattacks.com/

 

You can read Extreme Networks full Vulnerability Notice here: https://extremeportal.force.com/ExtrArticleDetail?an=000095779

16 Comments
PeterK
Contributor III

Hi Sam,

sorry, but what are you discussing 3 weeks?902c79ad0e7740bfa901c94b69f327dc_1f621.png

Most other vendors have still released information if their products are impacted and when the plan to fix it. Also Extreme has done this for a few products. 

A information - is it impacted or not would help. I'm not even talking about a possible fix-release date.

Seriously, that's a very poor performance in how you deal with your (and also our) customers.

SamPirok
Community Manager Community Manager
Community Manager

Hi Peter, I completely understand your frustration here, I am not sure why it’s taking longer to work out if IdentiFi products are affected. As soon as I hear from the security team working on this project, I will update this post. I know that doesn’t help you or your customers right now, and I’m sincerely sorry I can’t be more helpful right now, but I’ll update you the very moment I know more. 

mbesson
New Contributor

10.3r3 was released yesterday, June 15th.

mbesson
New Contributor

Now eagerly waiting for 8.2r11 release date to be set!

PeterK
Contributor III

Wow, KB-Article is updated. It only takes 1 month and 10 days.

But there are open questions.

What about non 3805 - 38XX APs?

Why is XCC declared as “not vulnerable” if fixed firmware for connected APs is available?

StephanH
Valued Contributor III

Hello,

 

the ExtremeCloud (=https://ezcloudx.com/) is missing on the KB, too.

I know the ExtremeCloud is EoS but still under contract.

 

GTM-P2G8KFN