Cisco explains newly released security advisory – Cisco Blogs


You may have heard of a recent network security advisory that has made its way through the new cycles and you may have questions. The good news is Cisco has answers and you can find them in our comprehensive new FAQ.

If you’re not sure what I’m talking about and want to understand what’s been going on, this blog will serve as a primer. But to get the full scoop, I urge you to take a read of the FAQ linked above so that you’re more familiar with the security advisory.

In the last few weeks, security researchers have discovered that some Wi-Fi devices have standards and implementations that can be vulnerable to outside interference. These vulnerabilities are in the frame aggregation functionality in some devices and the frame fragmentation functionality in others.

What does this mean? It all boils down to these vulnerabilities can allow an attacker to forge encrypted frames which would allow him or her the ability to download data. Sounds scary, right? It is. Kinda. According to the Wi-Fi Alliance, they haven’t been alerted of anyone doing this yet. But it can happen if you’re not careful. Keep in mind that if you perform routine updates, you will be alerted if someone was attempting to gain entrance into your network.

It’s important to remember that the risk of an attack is low and needs a man-in-the-middle position and victim participation in order for the attack to be successful. So make sure that you and your staff consider this advisement if you start to get communications that don’t seem quite right.

In the meantime, Cisco is closely working with both the Wi-Alliance and the Industry Consortium for Advancement of Security on the Internet (ICASI) since the issue was detected. We are addressing the issues with patches in upcoming software releases. As always, make sure that your patches are downloaded, deployed in a timely manner and stay vigilant!

For more information, consult our recently released FAQ.

 

Check out our Cisco Networking video channel

Subscribe to the Cisco Networking blog

Share:



Source link