This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Vulnerability Notice VN-2021-460- "FragAttacks" Wifi Vulnerabilities

SamPirok
Community Manager Community Manager
Community Manager
‎05-13-2021 11:51 AM

A set of new vulnerabilities known as “FragAttacks” has been announced and these vulnerabilities affect WiFi communications and implementations. Broadly speaking, there are a total of 12 vulnerabilities, and three of them affect the WiFi design standard itself whereas the others affect specific implementations. Although CVSS scoring is not available yet as of this writing, it is likely the design flaws are the most serious and will require patches across nearly every WiFi implementation. The other vulnerabilities may also impact WiFi products, but these will be more limited in nature. The original source of information on FragAttacks can be found here: https://www.fragattacks.com/

 

You can read Extreme Networks full Vulnerability Notice here: https://extremeportal.force.com/ExtrArticleDetail?an=000095779

0 Kudos
16 Comments
PeterK
Contributor III
‎06-03-2021 02:38 PM
‎06-03-2021 02:38 PM

Hi Sam,

sorry, but what are you discussing 3 weeks?902c79ad0e7740bfa901c94b69f327dc_1f621.png

Most other vendors have still released information if their products are impacted and when the plan to fix it. Also Extreme has done this for a few products. 

A information - is it impacted or not would help. I'm not even talking about a possible fix-release date.

Seriously, that's a very poor performance in how you deal with your (and also our) customers.

0 Kudos
SamPirok
Community Manager Community Manager
Community Manager
‎06-03-2021 03:39 PM
‎06-03-2021 03:39 PM

Hi Peter, I completely understand your frustration here, I am not sure why it’s taking longer to work out if IdentiFi products are affected. As soon as I hear from the security team working on this project, I will update this post. I know that doesn’t help you or your customers right now, and I’m sincerely sorry I can’t be more helpful right now, but I’ll update you the very moment I know more. 

0 Kudos
mbesson
New Contributor
‎06-16-2021 05:41 AM
‎06-16-2021 05:41 AM

10.3r3 was released yesterday, June 15th.

0 Kudos
mbesson
New Contributor
‎06-16-2021 05:45 AM
‎06-16-2021 05:45 AM

Now eagerly waiting for 8.2r11 release date to be set!

PeterK
Contributor III
‎06-24-2021 09:51 AM
‎06-24-2021 09:51 AM

Wow, KB-Article is updated. It only takes 1 month and 10 days.

But there are open questions.

What about non 3805 - 38XX APs?

Why is XCC declared as “not vulnerable” if fixed firmware for connected APs is available?

0 Kudos
StephanH
Valued Contributor III
‎06-24-2021 03:53 PM
‎06-24-2021 03:53 PM

Hello,

 

the ExtremeCloud (=https://ezcloudx.com/) is missing on the KB, too.

I know the ExtremeCloud is EoS but still under contract.

 

0 Kudos
Popular Articles
GTM-P2G8KFN