INTEL WIRELESS
Wired Stuff
WiFi Tablet Corner
My80211 White Papers (Coming Soon!)

Cisco Wireless Compatibility Matrix (Nov. 2011)

Podcasts / Videos

My80211 Videos

Cisco: 802 11 frames with Cisco VIP George Stefanick

Fluke Networks: Minimize Wi Fi Network Downtime

Aruba: Packets never lie: An in-depth overview of 802.11 frames

ATM15 Ten Talk “Wifi drivers and devices”

Houston Methodist Innovates with Wireless Technology

Bruce Frederick Antennas (1/2)

 

Bruce Frederick dB,dBi,dBd (2/2)

Cisco AP Group Nugget

Social Links
Revolution WiFi Capacity Planner

Anchor / Office Extends Ports

 

Peek Inside Cisco's Gear

See inside Cisco's latest wireless gear!

2.4 GHz Channel Overlap

EXAMPLE 1  

EXAMPLE 2

EXAMPLE 3  

CWSP RELEASE DATE 2/08/2010
  • CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman

    Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years.  I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!

IEEE 802.11a/g/n Reference Sheet

 

LWAPP QoS Packet Tagging

 

 

Interference Types

BLUETOOTH
 

Microwave Oven
 

Cordless Phone

JAMMER!
 

« WLC: AP Managers Are Pingable - 7.x onwards | Main | Cisco WLC 5508 License Gotcha ! (12 AP WLC can only support 487 APs) »
Friday
Jan132012

Cisco Field Notice: Wi-Fi Protected Setup PIN Brute Force Vulnerability

Note the WPS vulnerability is with home and soho devices and not with Cisco enterprise gear. Note the models below:

Cisco Response

On December 27th, 2011 US-CERT released VU#723755 available here: http://www.kb.cert.org/vuls/id/723755

The US-CERT Vulnerability Note describes a vulnerability that exists in the Wi-Fi Alliance Wi-Fi Protected Setup (WPS) protocol, also known as Wi-Fi Simple Config, when devices are operating in PIN External Registrar (PIN-ER) mode.  Devices operating in PIN-ER mode allow a WPS capable client to supply only the correct WPS PIN to configure their client on a properly secured network.  A weakness in the protocol affects all devices that operate in the PIN-ER mode, and may allow an unauthenticated, remote attacker to brute force the WPS configuration PIN in a short amount of time.

The vulnerability is due to a flaw that allows an attacker to determine when the first 4-digits of the eight-digit PIN are known.  This effectively reduces the PIN space from 107 or 10,000,000 possible values to 104 + 103 which is 11,000 possible values. The eighth digit of the PIN is utilized as a checksum of the first 7 digits and does not contribute to the available PIN space. Because the PIN space has been significantly reduced, an attacker could brute force the WPS pin in as little as a few hours.

While the affected devices listed below implement the WPS 1.0 standard which requires that a 60-second lockout be implemented after three unsuccessful attempts to authenticate to the device, this does not substantially mitigate this issue as it only increases the time to exploit the protocol weakness from a few hours to at most several days.  It is our recommendation to disable the WPS feature to prevent exploitation of this vulnerability.

Vulnerable Products:

Product Name
Is the WPS feature enabled by default?
Can the WPS feature be permanently disabled?
Access Points
Cisco WAP4410N
Yes Yes
Unified Communications
Cisco UC320W
Yes
No
Wireless Routers/VPN/Firewall Devices
Cisco RV110W
Yes Yes
Cisco RV120W
No Yes
Cisco SRP521W
Yes Yes
Cisco SRP526W
Yes Yes
Cisco SRP527W
Yes Yes
Cisco SRP541W
Yes Yes
Cisco SRP546W
Yes Yes
Cisco SRP547W
Yes Yes
Cisco WRP400
Yes Yes


Note: The Cisco Valet product line is maintained by the Cisco Linksys Business Unit. Information concerning the Cisco Valet line as well as information on Linksys by Cisco products will be forthcoming.

Products Confirmed Not Vulnerable:

Product Name
Not Affected Reason
Access Points/Wireless Bridges
Cisco AP541N
Does not support WPS
Cisco WAP200
Does not support WPS
Cisco WAP200E
Does not support WPS
Cisco WAP2000
Does not support WPS
Cisco WET200
Does not support WPS
Unified Communications
Cisco UC500 Series
Does not support WPS
Wireless Cameras
Cisco WVC210
Does not support WPS
Cisco WVC2300
Does not support WPS
Wireless Routers/VPN/Firewall Devices
Cisco SA520W
WPS not enabled by default
Does not support PIN-ER configuration Mode
Cisco RV220W
Does not support WPS
Cisco WRV210
Does not support WPS
Cisco WRVS4400N
Does not support WPS

Additional Information

Workarounds:

 

Disable the Wi-Fi Protected Setup feature on devices that allow the feature to be disabled, as listed in the Vulnerable Products table.  Cisco Systems has verified that the products that support disabling the WPS feature do indeed disable it and are not vulnerable once the feature has been disabled from the management interface.

Fixed Software:

Product Name
Fixed Software
Cisco WAP4410
To Be Released
Cisco RV110W
To Be Released
Cisco RV120W
To Be Released
Cisco UC320W
To Be Released
Cisco SRP521W
To Be Released
Cisco SRP526W
To Be Released
Cisco SRP527W
To Be Released
Cisco SRP541W
To Be Released
Cisco SRP546W
To Be Released
Cisco SRP547W
To Be Released
Cisco WRP400
To Be Released


Note: The Cisco Valet product line is maintained by the Cisco Linksys Business Unit. Information concerning the Cisco Valet line as well as information on Linksys by Cisco products will be forthcoming.

Exploitation and Public Announcements:

Exploit code and functional attack tools that exploit the weakness within the WPS protocol have been released.

This vulnerability was discovered by Stefan Viehböck and Craig Heffner.

Status of this Notice: Final

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

 

Revision History

 Revision  Date  Notes
1.0 01-11-2012 Initial Public Release

PrintView Printer Friendly Version

EmailEmail Article to Friend

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>