• Arista products not affected by CVE-2019-15126 (Kr00k vulnerability)

 
 
Print Friendly, PDF & Email

Arista products are not affected by CVE-2019-15126 (Kr00k vulnerability)

Kr00k – also known as CVE-2019-15126 – is a vulnerability in certain Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic.

Arista Networks Wifi products AP and management systems are not exploitable by the above mentioned CVEs.

The vulnerability affects all unpatched devices with Broadcom and Cypress FullMac Wi-Fi chips. Devices using Wi-Fi chips from other manufacturers, including Qualcomm, Realtek, Ralink and Mediatek do not exhibit this vulnerability. Arista networks APs do not use the Wi-Fi chips that are affected. 

The vulnerability exploits a bug in the WiFi chipset that causes vulnerable devices to use an all-zero Temporal Key (TK) to encrypt unicast data frames, which allows an attacker to decrypt some network packets transmitted by vulnerable devices.

The Kr00k bug only impacts WiFi connections that use the specific Wi-Fi chips and are using WPA2-Personal or WPA2-Enterprise WiFi security protocols, with AES-CCMP encryption.

References

https://nvd.nist.gov/vuln/detail/CVE-2019-15126

https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: