Ubiquiti Networks Information for VU#228519

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

Status

Affected

Vendor Statement

AmpliFi line products are not affected since firmware v2.4.3. Firmware v2.4.2 is partially affected and all versions prior to that are affected.

All airMAX AC and M series products have fixes for the majority of WPA2 rekeying issues since v8.4.0 (AC series) and v6.0.7 (M series). Additional improvements will fully resolve the issue with v8.4.2/v6.1.2. Furthermore, our proprietary airMAX protocol makes simple attacks more difficult.

References:
https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100
https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522

All UniFi Access Point products are not affected by the WPA PTK issues with firmware 3.9.3 and above, but are affected by the 11r/FT issue, where 11r/FT is still in beta.

Reference:
https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/ba-p/2099365

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100
https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522
https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/ba-p/2099365

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.