3com Inc

Notified:  August 30, 2017 Updated: August 30, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor References

    9front

    Updated:  October 19, 2017

    Status

      Affected

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor Information

    We are not aware of further vendor information regarding this vulnerability.

    Vendor References

    ACCESS

    Notified:  August 28, 2017 Updated: August 28, 2017

    Status

      Unknown

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor References

      Acer

      Updated:  November 08, 2017

      Status

        Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      Actiontec

      Notified:  August 30, 2017 Updated: October 20, 2017

      Status

        Affected

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      Vendor References

      ADTRAN

      Updated:  October 19, 2017

      Status

        Affected

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      Vendor References

      Aerohive

      Notified:  August 30, 2017 Updated: October 17, 2017

      Status

        Affected

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      Vendor References

      Alcatel-Lucent Enterprise

      Notified:  August 28, 2017 Updated: November 08, 2017

      Status

        Affected

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      Vendor References

      Alpine Linux

      Notified:  August 28, 2017 Updated: August 28, 2017

      Status

        Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor References

        Amazon

        Notified:  August 28, 2017 Updated: August 28, 2017

        Status

          Unknown

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor References

          Android Open Source Project

          Notified:  August 28, 2017 Updated: November 08, 2017

          Status

            Affected

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor Information

          We are not aware of further vendor information regarding this vulnerability.

          Vendor References

          Apple

          Notified:  August 28, 2017 Updated: November 01, 2017

          Status

            Affected

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor Information

          Per Apple's advisory, CVE-2017-13080 is addressed in iOS 11.1.

          Vendor References

          Arch Linux

          Notified:  August 28, 2017 Updated: October 17, 2017

          Status

            Affected

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor Information

          We are not aware of further vendor information regarding this vulnerability.

          Vendor References

          Arista Networks, Inc.

          Notified:  August 28, 2017 Updated: October 09, 2017

          Statement Date:   October 09, 2017

          Status

            Not Affected

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor Information

          We are not aware of further vendor information regarding this vulnerability.

          ARRIS

          Notified:  October 16, 2017 Updated: October 16, 2017

          Status

            Unknown

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor References

            Aruba Networks

            Notified:  August 28, 2017 Updated: October 09, 2017

            Statement Date:   October 09, 2017

            Status

              Affected

            Vendor Statement

            No statement is currently available from the vendor regarding this vulnerability.

            Vendor Information

            We are not aware of further vendor information regarding this vulnerability.

            Vendor References

            AsusTek Computer Inc.

            Notified:  August 28, 2017 Updated: October 19, 2017

            Status

              Affected

            Vendor Statement

            10/18/2017 Security advisory for the vulnerabilities of WPA2 protocol ASUS is aware of the recent WPA2 vulnerability issue. We take your security and privacy seriously and are currently working towards a full solution as quickly as possible. In the meantime, we want to help clarify the severity of the potential threat, and let our valued customers know the appropriate steps to take in order to avoid or lessen the threat of being compromised. Your devices are only vulnerable if an attacker is in physical proximity to your wireless network and is able to gain access to it. This exploit cannot steal your banking information, passwords, or other data on a secured connection that utilizes proper end-to-end encryption. However, an attacker could capture and read this information on an unsecured connection via an exploited WiFi network. Depending on the network configuration, it is also possible for the attacker to redirect network traffic, send invalid data to devices or even inject malware into the network. We are feverishly working with chipset suppliers to resolve this vulnerability and will release patched firmware for affected routers in the near future. Before this patched firmware is released, here are a few cautions all users should take: (1) Avoid public Wi-Fi and Hotspots until the routers and your devices are updated. Use cellular network connections if possible. (2) Only connect to secured services that you trust or have been verified. Web pages that use HTTPS or another secure connection will include HTTPS in the URL. If the connection is secured using TLS 1.2 your activities with that service is safe for now. (3) Keep your operating system and antivirus software up-to-date. Microsoft recently updated Windows to fix this exploit on their latest operating systems. Google and Apple are following suit shortly. (4) When in doubt, be safe and use your cellular network or a wired connection (Ethernet) to access the internet. This exploit only affects 802.11 traffic between a Wi-Fi router and a connected device on an exploited WiFi connection.

            Vendor Information

            We are not aware of further vendor information regarding this vulnerability.

            Vendor References

            Atheros Communications, Inc.

            Notified:  August 30, 2017 Updated: August 30, 2017

            Status

              Unknown

            Vendor Statement

            No statement is currently available from the vendor regarding this vulnerability.

            Vendor References

              AT&T

              Notified:  August 28, 2017 Updated: August 28, 2017

              Status

                Unknown

              Vendor Statement

              No statement is currently available from the vendor regarding this vulnerability.

              Vendor References

                Avaya, Inc.

                Notified:  August 28, 2017 Updated: August 28, 2017

                Status

                  Unknown

                Vendor Statement

                No statement is currently available from the vendor regarding this vulnerability.

                Vendor References

                  AVM GmbH

                  Updated:  October 24, 2017

                  Statement Date:   October 24, 2017

                  Status

                    Affected

                  Vendor Statement

                  https://en.avm.de/service/current-security-notifications/

                  Vendor Information

                  We are not aware of further vendor information regarding this vulnerability.

                  Vendor References

                  Barnes and Noble

                  Notified:  August 28, 2017 Updated: August 28, 2017

                  Status

                    Unknown

                  Vendor Statement

                  No statement is currently available from the vendor regarding this vulnerability.

                  Vendor References

                    Barracuda Networks

                    Notified:  August 28, 2017 Updated: October 24, 2017

                    Statement Date:   October 19, 2017

                    Status

                      Affected

                    Vendor Statement

                    On October 16th, 2017, a research paper with the title of "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key. Risk Rating: High Affected Products: Our investigations indicate that currently only Barracuda NextGen Firewall Wi-Fi Models used under Wi-Fi Client mode are affected: F101 F201 F301 F80 F82.DSLA F82.DSLB F180 F183 F280 FSC1

                    Vendor Information

                    October 18, 2017:  Hotfixes have been made available. We do recommend to update your systems also in case the firewall is used under Access Point mode. Fixed Vulnerabilities: CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake. CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake. CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake. CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake. CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. Hotfix information and download for firmware 6.2.x Hotfix information and download for firmware 7.0.x Hotfix information and download for firmware 7.1.x

                    Vendor References

                    Belkin, Inc.

                    Notified:  August 28, 2017 Updated: October 19, 2017

                    Status

                      Unknown

                    Vendor Statement

                    No statement is currently available from the vendor regarding this vulnerability.

                    Vendor Information

                    We are not aware of further vendor information regarding this vulnerability.

                    Vendor References

                    BlackBerry

                    Notified:  October 13, 2017 Updated: October 13, 2017

                    Status

                      Unknown

                    Vendor Statement

                    No statement is currently available from the vendor regarding this vulnerability.

                    Vendor References

                      Blue Coat Systems

                      Notified:  August 28, 2017 Updated: August 28, 2017

                      Status

                        Unknown

                      Vendor Statement

                      No statement is currently available from the vendor regarding this vulnerability.

                      Vendor References

                        Broadcom

                        Notified:  August 30, 2017 Updated: October 17, 2017

                        Statement Date:   October 16, 2017

                        Status

                          Affected

                        Vendor Statement

                        We confirm that some of the Broadcom products are affected by some of the issues reported in VU#228519.

                        Vendor Information

                        We are not aware of further vendor information regarding this vulnerability.

                        Brocade Communication Systems

                        Notified:  August 28, 2017 Updated: August 28, 2017

                        Status

                          Unknown

                        Vendor Statement

                        No statement is currently available from the vendor regarding this vulnerability.

                        Vendor References

                          Cambium Networks

                          Updated:  October 26, 2017

                          Statement Date:   October 25, 2017

                          Status

                            Affected

                          Vendor Statement

                          No statement is currently available from the vendor regarding this vulnerability.

                          Vendor Information

                          We are not aware of further vendor information regarding this vulnerability.

                          Vendor References

                          CA Technologies

                          Notified:  August 28, 2017 Updated: August 28, 2017

                          Status

                            Unknown

                          Vendor Statement

                          No statement is currently available from the vendor regarding this vulnerability.

                          Vendor References

                            CentOS

                            Notified:  August 28, 2017 Updated: October 23, 2017

                            Status

                              Affected

                            Vendor Statement

                            No statement is currently available from the vendor regarding this vulnerability.

                            Vendor Information

                            We are not aware of further vendor information regarding this vulnerability.

                            Vendor References

                            Check Point Software Technologies

                            Notified:  August 28, 2017 Updated: October 17, 2017

                            Statement Date:   October 17, 2017

                            Status

                              Not Affected

                            Vendor Statement

                            Since this is a client-side attack and we only have wifi access points in our SMB products, that do not support repeater-mode or the 802.11r protocol  – we are not vulnerable.

                            Vendor Information

                            We are not aware of further vendor information regarding this vulnerability.

                            Vendor References

                            Cisco

                            Notified:  August 28, 2017 Updated: October 16, 2017

                            Status

                              Affected

                            Vendor Statement

                            No statement is currently available from the vendor regarding this vulnerability.

                            Vendor Information

                            We are not aware of further vendor information regarding this vulnerability.

                            Vendor References

                            CMX Systems

                            Notified:  August 28, 2017 Updated: August 28, 2017

                            Status

                              Unknown

                            Vendor Statement

                            No statement is currently available from the vendor regarding this vulnerability.

                            Vendor References

                              Contiki OS

                              Notified:  August 28, 2017 Updated: August 28, 2017

                              Status

                                Unknown

                              Vendor Statement

                              No statement is currently available from the vendor regarding this vulnerability.

                              Vendor References

                                CoreOS

                                Notified:  August 28, 2017 Updated: August 28, 2017

                                Status

                                  Unknown

                                Vendor Statement

                                No statement is currently available from the vendor regarding this vulnerability.

                                Vendor References

                                  Cradlepoint

                                  Updated:  October 19, 2017

                                  Statement Date:   October 19, 2017

                                  Status

                                    Affected

                                  Vendor Statement

                                  No statement is currently available from the vendor regarding this vulnerability.

                                  Vendor Information

                                  We are not aware of further vendor information regarding this vulnerability.

                                  Vendor References

                                  Cypress Semiconductor

                                  Notified:  August 30, 2017 Updated: October 23, 2017

                                  Status

                                    Affected

                                  Vendor Statement

                                  No statement is currently available from the vendor regarding this vulnerability.

                                  Vendor Information

                                  We are not aware of further vendor information regarding this vulnerability.

                                  Vendor References

                                  dd-wrt

                                  Updated:  October 23, 2017

                                  Status

                                    Affected

                                  Vendor Statement

                                  No statement is currently available from the vendor regarding this vulnerability.

                                  Vendor Information

                                  We are not aware of further vendor information regarding this vulnerability.

                                  Vendor References

                                  Debian GNU/Linux

                                  Notified:  August 28, 2017 Updated: October 17, 2017

                                  Statement Date:   October 16, 2017

                                  Status

                                    Affected

                                  Vendor Statement

                                  No statement is currently available from the vendor regarding this vulnerability.

                                  Vendor Information

                                  We are not aware of further vendor information regarding this vulnerability.

                                  Vendor References

                                  Dell

                                  Notified:  August 28, 2017 Updated: October 24, 2017

                                  Statement Date:   October 23, 2017

                                  Status

                                    Affected

                                  Vendor Statement

                                  http://www.dell.com/support/article/SLN307822

                                  Vendor Information

                                  We are not aware of further vendor information regarding this vulnerability.

                                  Vendor References

                                  Dell EMC

                                  Notified:  August 28, 2017 Updated: October 27, 2017

                                  Statement Date:   October 25, 2017

                                  Status

                                    Not Affected

                                  Vendor Statement

                                  Dell EMC has analyzed the vulnerabilities listed in VU#228519 and have concluded that none of our products are impacted.

                                  Vendor Information

                                  We are not aware of further vendor information regarding this vulnerability.

                                  Vendor References

                                  DesktopBSD

                                  Notified:  August 28, 2017 Updated: August 28, 2017

                                  Status

                                    Unknown

                                  Vendor Statement

                                  No statement is currently available from the vendor regarding this vulnerability.

                                  Vendor References

                                    Devicescape

                                    Notified:  August 30, 2017 Updated: August 30, 2017

                                    Status

                                      Unknown

                                    Vendor Statement

                                    No statement is currently available from the vendor regarding this vulnerability.

                                    Vendor References

                                      Digi International

                                      Updated:  November 16, 2017

                                      Status

                                        Affected

                                      Vendor Statement

                                      https://forms.na1.netsuite.com/app/site/hosting/scriptlet.nl?script=457&deploy=2&compid=818164&h=5928a16f2b6f9582b799&articleid=2520

                                      Vendor Information

                                      We are not aware of further vendor information regarding this vulnerability.

                                      Vendor References

                                      D-Link Systems, Inc.

                                      Notified:  August 28, 2017 Updated: October 20, 2017

                                      Statement Date:   October 19, 2017

                                      Status

                                        Affected

                                      Vendor Statement

                                      On October 16th, researchers disclosed security vulnerabilities in the widely used standard for Wi-Fi security WPA2 (Wi-Fi Protected Access II) that make it possible for attackers to eavesdrop on Wi-Fi traffic. D-Link has immediately taken actions to investigate this matter. This security concern appears to be an industry-wide issue that will require firmware patches to be provided from the relevant semiconductor chipset manufacturers. D-Link has requested assistance from the chipset manufacturers. As soon as the firmware patches are received from the chipset manufacturers, we will post them on our websites immediately. Please take the following important actions to help protect your privacy: 1.  It is highly recommended to use encrypted communications protocols such as VPN or HTTPS, especially when delivering confidential information. 2. Check our website regularly for the newest firmware updates. Vendor References http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10075

                                      Vendor Information

                                      We are not aware of further vendor information regarding this vulnerability.

                                      Vendor References

                                      dnsmasq

                                      Notified:  August 28, 2017 Updated: August 28, 2017

                                      Status

                                        Unknown

                                      Vendor Statement

                                      No statement is currently available from the vendor regarding this vulnerability.

                                      Vendor References

                                        DragonFly BSD Project

                                        Notified:  August 28, 2017 Updated: August 28, 2017

                                        Status

                                          Unknown

                                        Vendor Statement

                                        No statement is currently available from the vendor regarding this vulnerability.

                                        Vendor References

                                          DrayTek Corporation

                                          Updated:  October 19, 2017

                                          Status

                                            Affected

                                          Vendor Statement

                                          No statement is currently available from the vendor regarding this vulnerability.

                                          Vendor Information

                                          We are not aware of further vendor information regarding this vulnerability.

                                          Vendor References

                                          Edimax Computer Company

                                          Updated:  October 23, 2017

                                          Status

                                            Affected

                                          Vendor Statement

                                          No statement is currently available from the vendor regarding this vulnerability.

                                          Vendor Information

                                          We are not aware of further vendor information regarding this vulnerability.

                                          Vendor References

                                          eero

                                          Updated:  November 01, 2017

                                          Status

                                            Affected

                                          Vendor Statement

                                          https://blog.eero.com/krack-update-1-fix-beta/

                                          Vendor Information

                                          We are not aware of further vendor information regarding this vulnerability.

                                          Vendor References

                                          EfficientIP SAS

                                          Notified:  August 28, 2017 Updated: August 28, 2017

                                          Status

                                            Unknown

                                          Vendor Statement

                                          No statement is currently available from the vendor regarding this vulnerability.

                                          Vendor References

                                            Endian

                                            Updated:  November 01, 2017

                                            Status

                                              Affected

                                            Vendor Statement

                                            No statement is currently available from the vendor regarding this vulnerability.

                                            Vendor Information

                                            We are not aware of further vendor information regarding this vulnerability.

                                            Vendor References

                                            ENEA

                                            Notified:  August 28, 2017 Updated: August 28, 2017

                                            Status

                                              Unknown

                                            Vendor Statement

                                            No statement is currently available from the vendor regarding this vulnerability.

                                            Vendor References

                                              EnGenius

                                              Updated:  October 19, 2017

                                              Status

                                                Affected

                                              Vendor Statement

                                              No statement is currently available from the vendor regarding this vulnerability.

                                              Vendor Information

                                              We are not aware of further vendor information regarding this vulnerability.

                                              Vendor References

                                              Ericsson

                                              Notified:  August 28, 2017 Updated: August 28, 2017

                                              Status

                                                Unknown

                                              Vendor Statement

                                              No statement is currently available from the vendor regarding this vulnerability.

                                              Vendor References

                                                Espressif Systems

                                                Notified:  September 22, 2017 Updated: October 13, 2017

                                                Statement Date:   October 13, 2017

                                                Status

                                                  Affected

                                                Vendor Statement

                                                Our products ESP8266 and ESP32 are affected by the vulnerability identified as VU#228519. For ESP32, we have made remediation in ESP-IDF v2.1.1 on Github. ESP32 which uses ESP-IDF v2.1.1 or later than v2.1.1 will not be affected by this vulnerability. For ESP8266, we have updated both RTOS SDK and NONOS SDK on Github on October 13, 2017. ESP8266 which uses RTOS SDK or NONOS SDK after October 13, 2017 will not be affected by this vulnerability. We strongly recommend that users update their ESP-IDF, ESP8266 RTOS SDK and ESP8266 NONOS SDK to the latest version to avoid being affected by this vulnerability. For ESP8089 and ESP8689, the supplicant protocol runs on the host side. So, whether they are affected by this vulnerability depends on which host is used. But we also recommend that users update their host to fix this vulnerability. The updates of ESP-IDF, ESP8266 RTOS SDK and ESP8266 NONOS SDK can be found on the following website: ESP-IDF: https://github.com/espressif/esp-idf ESP8266 RTOS SDK: https://github.com/espressif/ESP8266_RTOS_SDK ESP8266 NONOS SDK: https://github.com/espressif/ESP8266_NONOS_SDK

                                                Vendor Information

                                                We are not aware of further vendor information regarding this vulnerability.

                                                Vendor References

                                                European Registry for Internet Domains

                                                Notified:  August 28, 2017 Updated: August 28, 2017

                                                Status

                                                  Unknown

                                                Vendor Statement

                                                No statement is currently available from the vendor regarding this vulnerability.

                                                Vendor References

                                                  Extreme Networks

                                                  Notified:  August 28, 2017 Updated: October 17, 2017

                                                  Statement Date:   October 16, 2017

                                                  Status

                                                    Affected

                                                  Vendor Statement

                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                  Vendor Information

                                                  We are not aware of further vendor information regarding this vulnerability.

                                                  Vendor References

                                                  F5 Networks, Inc.

                                                  Notified:  August 28, 2017 Updated: October 23, 2017

                                                  Status

                                                    Not Affected

                                                  Vendor Statement

                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                  Vendor Information

                                                  We are not aware of further vendor information regarding this vulnerability.

                                                  Vendor References

                                                  Fedora Project

                                                  Notified:  August 28, 2017 Updated: October 17, 2017

                                                  Status

                                                    Affected

                                                  Vendor Statement

                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                  Vendor Information

                                                  We are not aware of further vendor information regarding this vulnerability.

                                                  Vendor References

                                                  Force10 Networks

                                                  Notified:  August 28, 2017 Updated: August 28, 2017

                                                  Status

                                                    Unknown

                                                  Vendor Statement

                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                  Vendor References

                                                    Fortinet, Inc.

                                                    Notified:  August 28, 2017 Updated: October 17, 2017

                                                    Statement Date:   October 16, 2017

                                                    Status

                                                      Affected

                                                    Vendor Statement

                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                    Vendor Information

                                                    We are not aware of further vendor information regarding this vulnerability.

                                                    Vendor References

                                                    Foundry Brocade

                                                    Notified:  August 28, 2017 Updated: August 28, 2017

                                                    Status

                                                      Unknown

                                                    Vendor Statement

                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                    Vendor References

                                                      FreeBSD Project

                                                      Notified:  August 28, 2017 Updated: October 17, 2017

                                                      Statement Date:   October 12, 2017

                                                      Status

                                                        Affected

                                                      Vendor Statement

                                                      FreeBSD users leveraging WPA2 should monitor the FreeBSD-announce mailing list and/or the Security Information webpage (https://www.freebsd.org/security/) for further information regarding how this vulnerability applies to FreeBSD.

                                                      Vendor Information

                                                      We are not aware of further vendor information regarding this vulnerability.

                                                      Vendor References

                                                      F-Secure Corporation

                                                      Updated:  October 24, 2017

                                                      Statement Date:   October 24, 2017

                                                      Status

                                                        Affected

                                                      Vendor Statement

                                                      Status: An automatic firmware update (version 2017-10-23_01 – p1.3.21.26) has been released to all F-Secure SENSE router users Update available: 23rd October 2017 Security advisory: https://www.f-secure.com/en/web/labs_global/fsc-2017-1

                                                      Vendor Information

                                                      We are not aware of further vendor information regarding this vulnerability.

                                                      Vendor References

                                                      gdnsd

                                                      Notified:  August 28, 2017 Updated: August 28, 2017

                                                      Status

                                                        Unknown

                                                      Vendor Statement

                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                      Vendor References

                                                        Gentoo Linux

                                                        Notified:  August 28, 2017 Updated: October 23, 2017

                                                        Status

                                                          Affected

                                                        Vendor Statement

                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                        Vendor Information

                                                        We are not aware of further vendor information regarding this vulnerability.

                                                        Vendor References

                                                        GNU adns

                                                        Notified:  August 28, 2017 Updated: August 28, 2017

                                                        Status

                                                          Unknown

                                                        Vendor Statement

                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                        Vendor References

                                                          GNU glibc

                                                          Notified:  August 28, 2017 Updated: August 28, 2017

                                                          Status

                                                            Unknown

                                                          Vendor Statement

                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                          Vendor References

                                                            Google

                                                            Notified:  August 28, 2017 Updated: November 08, 2017

                                                            Status

                                                              Affected

                                                            Vendor Statement

                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                            Vendor Information

                                                            We are not aware of further vendor information regarding this vulnerability.

                                                            Vendor References

                                                            HardenedBSD

                                                            Notified:  August 28, 2017 Updated: August 28, 2017

                                                            Status

                                                              Unknown

                                                            Vendor Statement

                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                            Vendor References

                                                              Hewlett Packard Enterprise

                                                              Notified:  August 28, 2017 Updated: October 23, 2017

                                                              Status

                                                                Affected

                                                              Vendor Statement

                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                              Vendor Information

                                                              We are not aware of further vendor information regarding this vulnerability.

                                                              Vendor References

                                                              Hitachi

                                                              Notified:  August 28, 2017 Updated: August 28, 2017

                                                              Status

                                                                Unknown

                                                              Vendor Statement

                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                              Vendor References

                                                                Honeywell

                                                                Updated:  November 08, 2017

                                                                Status

                                                                  Unknown

                                                                Vendor Statement

                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                Vendor Information

                                                                We are not aware of further vendor information regarding this vulnerability.

                                                                HostAP

                                                                Notified:  August 30, 2017 Updated: October 16, 2017

                                                                Status

                                                                  Affected

                                                                Vendor Statement

                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                Vendor Information

                                                                We are not aware of further vendor information regarding this vulnerability.

                                                                Vendor References

                                                                HTC

                                                                Notified:  August 28, 2017 Updated: August 28, 2017

                                                                Status

                                                                  Unknown

                                                                Vendor Statement

                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                Vendor References

                                                                  Huawei Technologies

                                                                  Notified:  August 22, 2017 Updated: August 22, 2017

                                                                  Status

                                                                    Unknown

                                                                  Vendor Statement

                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                  Vendor References

                                                                    IBM, INC.

                                                                    Notified:  August 28, 2017 Updated: August 28, 2017

                                                                    Status

                                                                      Unknown

                                                                    Vendor Statement

                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                    Vendor References

                                                                      Infoblox

                                                                      Notified:  August 28, 2017 Updated: August 28, 2017

                                                                      Status

                                                                        Unknown

                                                                      Vendor Statement

                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                      Vendor References

                                                                        Intel Corporation

                                                                        Notified:  August 28, 2017 Updated: October 10, 2017

                                                                        Statement Date:   October 10, 2017

                                                                        Status

                                                                          Affected

                                                                        Vendor Statement

                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                        Vendor Information

                                                                        We are not aware of further vendor information regarding this vulnerability.

                                                                        Vendor References

                                                                        Internet Systems Consortium

                                                                        Notified:  August 28, 2017 Updated: October 17, 2017

                                                                        Statement Date:   October 16, 2017

                                                                        Status

                                                                          Not Affected

                                                                        Vendor Statement

                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                        Vendor Information

                                                                        We are not aware of further vendor information regarding this vulnerability.

                                                                        Internet Systems Consortium - DHCP

                                                                        Notified:  August 28, 2017 Updated: October 17, 2017

                                                                        Statement Date:   October 16, 2017

                                                                        Status

                                                                          Not Affected

                                                                        Vendor Statement

                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                        Vendor Information

                                                                        We are not aware of further vendor information regarding this vulnerability.

                                                                        IPFire Project

                                                                        Updated:  October 23, 2017

                                                                        Status

                                                                          Affected

                                                                        Vendor Statement

                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                        Vendor Information

                                                                        We are not aware of further vendor information regarding this vulnerability.

                                                                        Vendor References

                                                                        JH Software

                                                                        Notified:  August 28, 2017 Updated: August 28, 2017

                                                                        Status

                                                                          Unknown

                                                                        Vendor Statement

                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                        Vendor References

                                                                          Joyent

                                                                          Notified:  August 28, 2017 Updated: August 28, 2017

                                                                          Status

                                                                            Unknown

                                                                          Vendor Statement

                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                          Vendor References

                                                                            Juniper Networks

                                                                            Notified:  August 28, 2017 Updated: October 17, 2017

                                                                            Statement Date:   August 28, 2017

                                                                            Status

                                                                              Affected

                                                                            Vendor Statement

                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                            Vendor Information

                                                                            We are not aware of further vendor information regarding this vulnerability.

                                                                            Vendor References

                                                                            Kyocera Communications

                                                                            Notified:  August 28, 2017 Updated: August 28, 2017

                                                                            Status

                                                                              Unknown

                                                                            Vendor Statement

                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                            Vendor References

                                                                              LANCOM Systems GmbH

                                                                              Updated:  October 23, 2017

                                                                              Statement Date:   October 18, 2017

                                                                              Status

                                                                                Affected

                                                                              Vendor Statement

                                                                              We have become aware of the flaw early this week on Monday October the 16th and will present our patches on Friday October 20. LANCOM has deliver the following statement: https://www.lancom-systems.com/service-support/instant-help/general-safety-information/ We have been able to launch our security packages: https://www2.lancom.de/kb.nsf/ac96860327f38e46c12572660046f099/bd86ff5908078296c12581bf004c0b23?OpenDocument

                                                                              Vendor Information

                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                              Vendor References

                                                                              Lantronix

                                                                              Notified:  October 02, 2017 Updated: October 10, 2017

                                                                              Status

                                                                                Unknown

                                                                              Vendor Statement

                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                              Vendor Information

                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                              LEDE Project

                                                                              Updated:  October 19, 2017

                                                                              Status

                                                                                Affected

                                                                              Vendor Statement

                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                              Vendor Information

                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                              Vendor References

                                                                              Lenovo

                                                                              Notified:  August 28, 2017 Updated: November 08, 2017

                                                                              Statement Date:   October 11, 2017

                                                                              Status

                                                                                Affected

                                                                              Vendor Statement

                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                              Vendor Information

                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                              Vendor References

                                                                              LG Electronics

                                                                              Notified:  August 28, 2017 Updated: August 28, 2017

                                                                              Status

                                                                                Unknown

                                                                              Vendor Statement

                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                              Vendor References

                                                                                LIFX

                                                                                Updated:  October 23, 2017

                                                                                Status

                                                                                  Affected

                                                                                Vendor Statement

                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                Vendor Information

                                                                                We are not aware of further vendor information regarding this vulnerability.

                                                                                Vendor References

                                                                                Lynx Software Technologies

                                                                                Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                Status

                                                                                  Unknown

                                                                                Vendor Statement

                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                Vendor References

                                                                                  m0n0wall

                                                                                  Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                  Status

                                                                                    Unknown

                                                                                  Vendor Statement

                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                  Vendor References

                                                                                    Marvell Semiconductor

                                                                                    Notified:  September 18, 2017 Updated: September 25, 2017

                                                                                    Status

                                                                                      Unknown

                                                                                    Vendor Statement

                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                    Vendor Information

                                                                                    We are not aware of further vendor information regarding this vulnerability.

                                                                                    McAfee

                                                                                    Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                    Status

                                                                                      Unknown

                                                                                    Vendor Statement

                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                    Vendor References

                                                                                      MediaTek

                                                                                      Notified:  August 30, 2017 Updated: August 30, 2017

                                                                                      Status

                                                                                        Unknown

                                                                                      Vendor Statement

                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                      Vendor References

                                                                                        Medtronic

                                                                                        Notified:  August 30, 2017 Updated: August 30, 2017

                                                                                        Status

                                                                                          Unknown

                                                                                        Vendor Statement

                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                        Vendor References

                                                                                          Microchip Technology

                                                                                          Notified:  August 28, 2017 Updated: October 17, 2017

                                                                                          Statement Date:   October 13, 2017

                                                                                          Status

                                                                                            Affected

                                                                                          Vendor Statement

                                                                                          For the most updated information about Microchip Wi-Fi products with regards to the WPA2 vulnerabilities , please visit: http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability Summary: ATWINC15x0 based products (IC & Modules ) are affected by this vulnerability – Updated FW with fixes is available here: http://www.microchip.com/wwwproducts/en/ATWINC1500 RN131 / RN171 based products are affected by this vulnerability – Updated FW (4.82) will be available by 10/31 and will be published here: http://www.microchip.com/wwwproducts/en/RN171 ATWILC1000 & ATWILC3000 based products (IC & Modules) for Linux systems – WPA2 implementation resides on the Host MPU and not on the wireless device. We highly recommend our customers to integrate the latest patches available to ensure their systems are protected.

                                                                                          Vendor Information

                                                                                          We are not aware of further vendor information regarding this vulnerability.

                                                                                          Vendor References

                                                                                          Microsoft Corporation

                                                                                          Notified:  August 28, 2017 Updated: October 16, 2017

                                                                                          Statement Date:   October 16, 2017

                                                                                          Status

                                                                                            Affected

                                                                                          Vendor Statement

                                                                                          Microsoft released a security update on October 10, 2017, and customers who have Windows Update enabled and applied the security updates, are protected automatically. Vendor Information CVE-2017-13080 describes this vulnerability in affected Microsoft products. Vendor References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

                                                                                          Vendor Information

                                                                                          We are not aware of further vendor information regarding this vulnerability.

                                                                                          Vendor References

                                                                                          MikroTik

                                                                                          Notified:  September 28, 2017 Updated: October 16, 2017

                                                                                          Statement Date:   October 10, 2017

                                                                                          Status

                                                                                            Not Affected

                                                                                          Vendor Statement

                                                                                          On October 16. CERT/CC/ICASI released a public announcement about discovered vulnerabilities in WPA2 handshake protocols that affect most WiFi users and all vendors world wide. RouterOS v6.39.3, v6.40.4, v6.41rc are not affected! It is important to note that the vulnerability is discovered in the protocol itself, so even a correct implementation is affected. These organizations did contact us earlier, so we have already released fixed versions that address the outlined issues. Not all of the discovered vulnerabilities directly impact RouterOS users, or even apply to RouterOS, but we did follow all recommendations and improved the key exchange process according to the guidelines we received from the organizations who discovered the issue. We released fixed versions last week, so if you upgrade your devices routinely, no further action is required. CWE-323 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13083 CVE-2017-13084 CVE-2017-13085 CVE-2017-13086 CVE-2017-13087 The following applies to RouterOS software prior to updates related to the issue. nv2 nv2 is not affected in any way. This applies to both - nv2 AP and client. There is no nonce reset in key exchange possible and key re-installation is not possible, because nv2 key exchange does not directly follow 802.11 key exchange specification. 802.11 nonce reuse RouterOS is not affected in any way, RouterOS generates cryptographically strong random initial nonce on boot and never reuses the same nonce during uptime. 802.11 key reinstallation The device operating as client in key exchange is affected by this issue. This means that RouterOS in station modes and APs that establish WDS links with other APs are affected. RouterOS APs (both - standalone and CAPsMAN controlled), that do not establish WDS links with other APs, are not affected. Key reinstallation by resending key exchange frame allows attacker to reset encrypted frame packet counter. This allows attacker to replay frames that where previously sent by AP to client. Please note that RouterOS DOES NOT reset key to some known value that would allow attacker to inject/decrypt any frames to/from client. Suggested course of action It is always recommended to upgrade to latest RouterOS version, but depending on wireless protocol and mode the suggested course of action is as follows: - nv2: no action necessary - 802.11/nstreme AP without WDS: no action necessary - CAPsMAN: no action necessary - 802.11/nstreme client (all station modes) or AP with WDS: upgrade to fixed version ASAP.

                                                                                          Vendor Information

                                                                                          Though Mikrotik has self-identified as not affected, they have published updates that "improved WPA2 key exchange reliability" (see https://mikrotik.com/download/changelogs).

                                                                                          Vendor References

                                                                                          Mojo Networks

                                                                                          Updated:  October 19, 2017

                                                                                          Status

                                                                                            Affected

                                                                                          Vendor Statement

                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                          Vendor Information

                                                                                          We are not aware of further vendor information regarding this vulnerability.

                                                                                          Vendor References

                                                                                          Motorola, Inc.

                                                                                          Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                          Status

                                                                                            Unknown

                                                                                          Vendor Statement

                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                          Vendor References

                                                                                            NEC Corporation

                                                                                            Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                            Status

                                                                                              Unknown

                                                                                            Vendor Statement

                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                            Vendor References

                                                                                              Nest

                                                                                              Updated:  October 23, 2017

                                                                                              Status

                                                                                                Affected

                                                                                              Vendor Statement

                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                              Vendor Information

                                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                                              Vendor References

                                                                                              NetBSD

                                                                                              Notified:  August 28, 2017 Updated: October 17, 2017

                                                                                              Statement Date:   October 17, 2017

                                                                                              Status

                                                                                                Affected

                                                                                              Vendor Statement

                                                                                              For CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 aka KRACK Attacks as covered in: https://www.kb.cert.org/vuls/id/228519/ wpa_supplicant has been patched in our packaging system (pkgsrc) http://mail-index.netbsd.org/pkgsrc-changes/2017/10/16/msg165381.html http://mail-index.netbsd.org/pkgsrc-changes/2017/10/17/msg165433.html And for NetBSD itself, a patch has been commited to the HEAD of the tree & is pending to be merged into the NetBSD/6, 7, 8 branches. http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html

                                                                                              Vendor Information

                                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                                              Vendor References

                                                                                              Netgear, Inc.

                                                                                              Notified:  August 28, 2017 Updated: October 17, 2017

                                                                                              Status

                                                                                                Affected

                                                                                              Vendor Statement

                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                              Vendor Information

                                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                                              Vendor References

                                                                                              Nexenta

                                                                                              Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                              Status

                                                                                                Unknown

                                                                                              Vendor Statement

                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                              Vendor References

                                                                                                NLnet Labs

                                                                                                Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                Status

                                                                                                  Unknown

                                                                                                Vendor Statement

                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                Vendor References

                                                                                                  Nokia

                                                                                                  Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                  Status

                                                                                                    Unknown

                                                                                                  Vendor Statement

                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                  Vendor References

                                                                                                    Nominum

                                                                                                    Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                    Status

                                                                                                      Unknown

                                                                                                    Vendor Statement

                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                    Vendor References

                                                                                                      OmniROM

                                                                                                      Updated:  October 23, 2017

                                                                                                      Status

                                                                                                        Affected

                                                                                                      Vendor Statement

                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                      Vendor Information

                                                                                                      We are not aware of further vendor information regarding this vulnerability.

                                                                                                      Vendor References

                                                                                                      OmniTI

                                                                                                      Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                      Status

                                                                                                        Unknown

                                                                                                      Vendor Statement

                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                      Vendor References

                                                                                                        OpenBSD

                                                                                                        Notified:  August 28, 2017 Updated: October 16, 2017

                                                                                                        Status

                                                                                                          Affected

                                                                                                        Vendor Statement

                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                        Vendor Information

                                                                                                        We are not aware of further vendor information regarding this vulnerability.

                                                                                                        OpenDNS

                                                                                                        Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                        Status

                                                                                                          Unknown

                                                                                                        Vendor Statement

                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                        Vendor References

                                                                                                          OpenIndiana

                                                                                                          Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                          Status

                                                                                                            Unknown

                                                                                                          Vendor Statement

                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                          Vendor References

                                                                                                            Open Mesh

                                                                                                            Updated:  October 19, 2017

                                                                                                            Status

                                                                                                              Affected

                                                                                                            Vendor Statement

                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                            Vendor Information

                                                                                                            We are not aware of further vendor information regarding this vulnerability.

                                                                                                            Vendor References

                                                                                                            Openwall GNU/*/Linux

                                                                                                            Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                            Status

                                                                                                              Unknown

                                                                                                            Vendor Statement

                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                            Vendor References

                                                                                                              OPNsense

                                                                                                              Updated:  October 23, 2017

                                                                                                              Status

                                                                                                                Affected

                                                                                                              Vendor Statement

                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                              Vendor Information

                                                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                                                              Vendor References

                                                                                                              Oracle Corporation

                                                                                                              Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                              Status

                                                                                                                Unknown

                                                                                                              Vendor Statement

                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                              Vendor References

                                                                                                                Oryx Embedded

                                                                                                                Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                Status

                                                                                                                  Unknown

                                                                                                                Vendor Statement

                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                Vendor References

                                                                                                                  Peplink

                                                                                                                  Notified:  August 28, 2017 Updated: October 16, 2017

                                                                                                                  Status

                                                                                                                    Affected

                                                                                                                  Vendor Statement

                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                  Vendor Information

                                                                                                                  We are not aware of further vendor information regarding this vulnerability.

                                                                                                                  Vendor References

                                                                                                                  pfSENSE

                                                                                                                  Updated:  October 23, 2017

                                                                                                                  Statement Date:   October 20, 2017

                                                                                                                  Status

                                                                                                                    Affected

                                                                                                                  Vendor Statement

                                                                                                                  The pfSense project is aware of the KRACK WPA2 flaws and we have addressed them in the upcoming 2.4.1 and 2.3.5 releases, due out next week. Development snapshots of 2.4.1 and 2.3.5 containing fixes for the issue are available for those who need to obtain the corrections before the official release. These snapshots were fixed as soon as corrections were made available from the FreeBSD project upstream on October 17th. A notice was posted to our social media accounts once the fixes were imported and tested. The official releases of 2.4.1 and 2.3.5 will be announced on our blog at https://www.netgate.com/blog/ and on social media.

                                                                                                                  Vendor Information

                                                                                                                  We are not aware of further vendor information regarding this vulnerability.

                                                                                                                  Vendor References

                                                                                                                  Philips Electronics

                                                                                                                  Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                  Status

                                                                                                                    Unknown

                                                                                                                  Vendor Statement

                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                  Vendor References

                                                                                                                    PowerDNS

                                                                                                                    Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                    Status

                                                                                                                      Unknown

                                                                                                                    Vendor Statement

                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                    Vendor References

                                                                                                                      Pulse Secure

                                                                                                                      Notified:  August 30, 2017 Updated: August 30, 2017

                                                                                                                      Status

                                                                                                                        Unknown

                                                                                                                      Vendor Statement

                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                      Vendor References

                                                                                                                        QNX Software Systems Inc.

                                                                                                                        Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                        Status

                                                                                                                          Unknown

                                                                                                                        Vendor Statement

                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                        Vendor References

                                                                                                                          Quadros Systems

                                                                                                                          Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                          Status

                                                                                                                            Unknown

                                                                                                                          Vendor Statement

                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                          Vendor References

                                                                                                                            QUALCOMM Incorporated

                                                                                                                            Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                            Status

                                                                                                                              Unknown

                                                                                                                            Vendor Statement

                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                            Vendor References

                                                                                                                              Quantenna Communications

                                                                                                                              Notified:  September 18, 2017 Updated: September 18, 2017

                                                                                                                              Status

                                                                                                                                Unknown

                                                                                                                              Vendor Statement

                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                              Vendor References

                                                                                                                                ReactOS

                                                                                                                                Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                Status

                                                                                                                                  Unknown

                                                                                                                                Vendor Statement

                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                Vendor References

                                                                                                                                  Red Hat, Inc.

                                                                                                                                  Notified:  August 28, 2017 Updated: October 17, 2017

                                                                                                                                  Statement Date:   October 03, 2017

                                                                                                                                  Status

                                                                                                                                    Affected

                                                                                                                                  Vendor Statement

                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                  Vendor Information

                                                                                                                                  wpa_supplicant as shipped with Red Hat Enterprise Linux is vulnerable.

                                                                                                                                  Vendor References

                                                                                                                                  Redpine Signals

                                                                                                                                  Notified:  September 18, 2017 Updated: September 25, 2017

                                                                                                                                  Status

                                                                                                                                    Unknown

                                                                                                                                  Vendor Statement

                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                  Vendor Information

                                                                                                                                  We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                  Riverbed Technologies

                                                                                                                                  Updated:  October 17, 2017

                                                                                                                                  Statement Date:   October 16, 2017

                                                                                                                                  Status

                                                                                                                                    Affected

                                                                                                                                  Vendor Statement

                                                                                                                                  We would like to report that "Riverbed Xirrus" is affected by the WPA2 handshake vulnerability (VU#228519).

                                                                                                                                  Vendor Information

                                                                                                                                  We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                  Rocket RTOS

                                                                                                                                  Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                  Status

                                                                                                                                    Unknown

                                                                                                                                  Vendor Statement

                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                  Vendor References

                                                                                                                                    Rockwell Automation

                                                                                                                                    Updated:  October 25, 2017

                                                                                                                                    Statement Date:   October 25, 2017

                                                                                                                                    Status

                                                                                                                                      Affected

                                                                                                                                    Vendor Statement

                                                                                                                                    https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697

                                                                                                                                    Vendor Information

                                                                                                                                    We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                    Vendor References

                                                                                                                                    Ruckus Wireless

                                                                                                                                    Notified:  August 30, 2017 Updated: October 18, 2017

                                                                                                                                    Statement Date:   October 17, 2017

                                                                                                                                    Status

                                                                                                                                      Affected

                                                                                                                                    Vendor Statement

                                                                                                                                    The Ruckus Wireless product is affected.  Patches are in beta/development.

                                                                                                                                    Vendor Information

                                                                                                                                    We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                    Vendor References

                                                                                                                                    SafeNet

                                                                                                                                    Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                    Status

                                                                                                                                      Unknown

                                                                                                                                    Vendor Statement

                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                    Vendor References

                                                                                                                                      Samsung Mobile

                                                                                                                                      Notified:  August 28, 2017 Updated: October 12, 2017

                                                                                                                                      Statement Date:   October 12, 2017

                                                                                                                                      Status

                                                                                                                                        Affected

                                                                                                                                      Vendor Statement

                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                      Vendor Information

                                                                                                                                      We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                      Secure64 Software Corporation

                                                                                                                                      Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                      Status

                                                                                                                                        Unknown

                                                                                                                                      Vendor Statement

                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                      Vendor References

                                                                                                                                        Sierra Wireless

                                                                                                                                        Notified:  September 22, 2017 Updated: October 16, 2017

                                                                                                                                        Status

                                                                                                                                          Affected

                                                                                                                                        Vendor Statement

                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                        Vendor Information

                                                                                                                                        We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                        Vendor References

                                                                                                                                        Slackware Linux Inc.

                                                                                                                                        Notified:  August 28, 2017 Updated: October 20, 2017

                                                                                                                                        Status

                                                                                                                                          Affected

                                                                                                                                        Vendor Statement

                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                        Vendor Information

                                                                                                                                        We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                        Vendor References

                                                                                                                                        SmoothWall

                                                                                                                                        Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                        Status

                                                                                                                                          Unknown

                                                                                                                                        Vendor Statement

                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                        Vendor References

                                                                                                                                          Snort

                                                                                                                                          Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                          Status

                                                                                                                                            Unknown

                                                                                                                                          Vendor Statement

                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                          Vendor References

                                                                                                                                            SonicWall

                                                                                                                                            Updated:  October 19, 2017

                                                                                                                                            Status

                                                                                                                                              Not Affected

                                                                                                                                            Vendor Statement

                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                            Vendor Information

                                                                                                                                            We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                            Vendor References

                                                                                                                                            Sonos

                                                                                                                                            Updated:  October 25, 2017

                                                                                                                                            Statement Date:   October 24, 2017

                                                                                                                                            Status

                                                                                                                                              Affected

                                                                                                                                            Vendor Statement

                                                                                                                                            Sonos has determined that our speaker products are affected by issues described in the KRACK WPA2 vulnerability announcement. We are working on a firmware update to address these vulnerabilities and will make it available as soon as testing is complete.

                                                                                                                                            Vendor Information

                                                                                                                                            We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                            Sony Corporation

                                                                                                                                            Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                            Status

                                                                                                                                              Unknown

                                                                                                                                            Vendor Statement

                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                            Vendor References

                                                                                                                                              Sony Corporation

                                                                                                                                              Updated:  November 08, 2017

                                                                                                                                              Status

                                                                                                                                                Affected

                                                                                                                                              Vendor Statement

                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                              Vendor Information

                                                                                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                              Vendor References

                                                                                                                                              Sophos, Inc.

                                                                                                                                              Notified:  September 06, 2017 Updated: October 23, 2017

                                                                                                                                              Status

                                                                                                                                                Affected

                                                                                                                                              Vendor Statement

                                                                                                                                              https://community.sophos.com/kb/en-us/127658

                                                                                                                                              Vendor Information

                                                                                                                                              https://community.sophos.com/kb/en-us/127658

                                                                                                                                              Vendor References

                                                                                                                                              Sourcefire

                                                                                                                                              Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                              Status

                                                                                                                                                Unknown

                                                                                                                                              Vendor Statement

                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                              Vendor References

                                                                                                                                                Stryker

                                                                                                                                                Notified:  August 30, 2017 Updated: September 25, 2017

                                                                                                                                                Status

                                                                                                                                                  Unknown

                                                                                                                                                Vendor Statement

                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                Vendor Information

                                                                                                                                                We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                SUSE Linux

                                                                                                                                                Notified:  August 28, 2017 Updated: October 17, 2017

                                                                                                                                                Statement Date:   October 17, 2017

                                                                                                                                                Status

                                                                                                                                                  Affected

                                                                                                                                                Vendor Statement

                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                Vendor Information

                                                                                                                                                We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                Vendor References

                                                                                                                                                Symantec

                                                                                                                                                Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                                Status

                                                                                                                                                  Unknown

                                                                                                                                                Vendor Statement

                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                Vendor References

                                                                                                                                                  Synology

                                                                                                                                                  Updated:  October 17, 2017

                                                                                                                                                  Statement Date:   October 17, 2017

                                                                                                                                                  Status

                                                                                                                                                    Affected

                                                                                                                                                  Vendor Statement

                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                  Vendor Information

                                                                                                                                                  We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                  Vendor References

                                                                                                                                                  TCPWave

                                                                                                                                                  Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                                  Status

                                                                                                                                                    Unknown

                                                                                                                                                  Vendor Statement

                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                  Vendor References

                                                                                                                                                    Technicolor

                                                                                                                                                    Updated:  October 19, 2017

                                                                                                                                                    Statement Date:   October 18, 2017

                                                                                                                                                    Status

                                                                                                                                                      Affected

                                                                                                                                                    Vendor Statement

                                                                                                                                                    By making use of a model-based approach, researchers from K.U Leuven University have identified several theoretical flaws in the Wi-Fi Protected Acess (WPA) protocol. These weaknesses constitute a new class of attack on the 4-way handshake used in all flavors of WPA/WPA2, named KRACK: Key Reinstallation AttaCK. This academic research presents an industry-wide issue as all products implementing Wi-Fi are theoretically vulnerable. In practice, no gateway or modem manufactured by Technicolor, implementing WiFi Access point routing function is affected by this class of attack. This is due to the fact that the vulnerable function allowing practical attack against the Access Point is not present. The end users should continue to use their Technicolor gateway or modem without changing WPA2 settings. In particular, none of these attacks is able to retrieve the WPA private passphrase. This recommendation is also valid for the legacy Thomson and Cisco branded gateways and modems. The 802.11r standard makes use of a 4-way handshake protocol that was mathematically proven secure by the scientific community. Yet, the research publication exhibits weaknesses in some implementations of this protocol, that can affect the way the client connects to the Access point. For Access Points, the operational impact is very limited. Gateways and modems configured as Wi-Fi Access Point are not potentially concerned, except when supporting Fast BSS Transition handshake introduced with 802.11r standard. Fast BSS Transition handshake is usually not supported on residential gateways and modems, because this feature is intended to minimize roaming time between several access points in a managed network. Technicolor works constantly to improve security of its products, alongside with the Wi-Fi Alliance. Technicolor remains committed to provide efficient support to its customers and end-users. Our detailed security bulletins remain reserved for our customers. Customers can contact their Technicolor Customer Technical Support.

                                                                                                                                                    Vendor Information

                                                                                                                                                    We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                    Texas Instruments

                                                                                                                                                    Updated:  November 08, 2017

                                                                                                                                                    Status

                                                                                                                                                      Affected

                                                                                                                                                    Vendor Statement

                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                    Vendor Information

                                                                                                                                                    We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                    Vendor References

                                                                                                                                                    TippingPoint Technologies Inc.

                                                                                                                                                    Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                                    Status

                                                                                                                                                      Unknown

                                                                                                                                                    Vendor Statement

                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                    Vendor References

                                                                                                                                                      Tizen

                                                                                                                                                      Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                                      Status

                                                                                                                                                        Unknown

                                                                                                                                                      Vendor Statement

                                                                                                                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                      Vendor References

                                                                                                                                                        Toshiba Commerce Solutions

                                                                                                                                                        Notified:  September 15, 2017 Updated: October 13, 2017

                                                                                                                                                        Statement Date:   October 13, 2017

                                                                                                                                                        Status

                                                                                                                                                          Affected

                                                                                                                                                        Vendor Statement

                                                                                                                                                        Toshiba Global Commerce Solutions Information for VU#228519 Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse Date Notified: 15 Sept 2017 Statement Date: 15 October 2017 Date Updated: Status Affected Vendor Statement Toshiba Global Commerce Solutions (TGCS) has reviewed the subject VU#228519 across its full product line and has determined that our SureMark 4610 Printer (Models 1NR, 2CR, 2NR) with Wireless Lan Adapter is affected by this vulnerability. TGCS will release a Security Alert directly to entitled customers and business partners. To reduce the risk of an attack based on this vulnerability, we continue communicating with customers while not making this generally available to others who may have ill intent. With the information in the alert, the customer can determine their own level of risk. TGCS reminds their customers to update third party operating systems and wireless attachment cards for this vulnerability. Vendor Information Toshiba Global Commerce Solution Security Alerts are available in the Toshiba Commerce Portal at www.toshibacommerce.com. An Enterprise ID (EID) is required to access the alerts. If you do not have an EID, please complete the application at Apply for an Enterprise ID. A subscription service is also available. A subscriber will receive an email with a direct link, to quickly access a new alert. To subscribe to future alerts, please visit Notifications for directions. By subscribing to any of the Security Alert folders you consent to notification mailings to the email address associated with your Enterprise ID (EID). You can unsubscribe at any time by visiting Notifications and following the instructions. Vendor References http://www.toshibacommerce.com Addendum There are no additional comments at this time.

                                                                                                                                                        Vendor Information

                                                                                                                                                        We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                        Vendor References

                                                                                                                                                        Toshiba Electronic Devices & Storage Corporation

                                                                                                                                                        Notified:  August 28, 2017 Updated: October 16, 2017

                                                                                                                                                        Statement Date:   October 16, 2017

                                                                                                                                                        Status

                                                                                                                                                          Affected

                                                                                                                                                        Vendor Statement

                                                                                                                                                        VULNERABILITY FOUND RELATED TO THE GENERATION AND MANAGEMENT OF WPA2 KEY ON CANVIO (STOR.E) WIRELESS PRODUCTS http://www.toshiba-personalstorage.net/en/news/hdd/ot_notice/20171017.htm

                                                                                                                                                        Vendor Information

                                                                                                                                                        We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                        Vendor References

                                                                                                                                                        Toshiba Memory Corporation

                                                                                                                                                        Notified:  August 28, 2017 Updated: October 16, 2017

                                                                                                                                                        Statement Date:   October 16, 2017

                                                                                                                                                        Status

                                                                                                                                                          Affected

                                                                                                                                                        Vendor Statement

                                                                                                                                                        Product 1: FlashAir SDHC/SDXC Memory Card with embedded wireless LAN functionality FlashAir may have a security vulnerability related to the generation and management of WPA2 key (for general customers) http://www.toshiba-personalstorage.net/news/20171017.htm SDHC/SDXC Memory Card with embedded wireless LAN functionality FlashAir may have a security vulnerability related to the generation and management of WPA2 key (for enterprises and users of the website for developers ESC$B!HESC(BFlashAir DevelopersESC$B!IESC(B) https://www.toshiba-memory.co.jp/en/company/news/20171017-1.html Product 2: CANVIO AeroMobile VULNERABILITY FOUND RELATED TO THE GENERATION AND MANAGEMENT OF WPA2 KEY http://support.toshiba.com/support/staticContentDetail?contentId=4015875&isFromTOCLink=false

                                                                                                                                                        Vendor Information

                                                                                                                                                        We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                        Vendor References

                                                                                                                                                        TP-LINK

                                                                                                                                                        Updated:  October 18, 2017

                                                                                                                                                        Statement Date:   October 18, 2017

                                                                                                                                                        Status

                                                                                                                                                          Affected

                                                                                                                                                        Vendor Statement

                                                                                                                                                        Recently we have already received feedback about the KRACK vulnerabilities. After checking the detailed information of this vulnerability, we have found that some of our products are affected by it. We have published a security advisory on our official website and we are working to solve the problems now. Here are the links: Security Advisory: http://www.tp-link.com/en/faq-1970.html Software updates for the affected devices will be post at www.tp-link.com/support.html over the next few weeks.

                                                                                                                                                        Vendor Information

                                                                                                                                                        We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                        Vendor References

                                                                                                                                                        TrueOS

                                                                                                                                                        Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                                        Status

                                                                                                                                                          Unknown

                                                                                                                                                        Vendor Statement

                                                                                                                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                        Vendor References

                                                                                                                                                          Turbolinux

                                                                                                                                                          Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                                          Status

                                                                                                                                                            Unknown

                                                                                                                                                          Vendor Statement

                                                                                                                                                          No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                          Vendor References

                                                                                                                                                            Turris Omnia

                                                                                                                                                            Updated:  October 23, 2017

                                                                                                                                                            Status

                                                                                                                                                              Affected

                                                                                                                                                            Vendor Statement

                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                            Vendor Information

                                                                                                                                                            We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                            Vendor References

                                                                                                                                                            Ubiquiti Networks

                                                                                                                                                            Notified:  August 28, 2017 Updated: October 16, 2017

                                                                                                                                                            Statement Date:   October 15, 2017

                                                                                                                                                            Status

                                                                                                                                                              Affected

                                                                                                                                                            Vendor Statement

                                                                                                                                                            AmpliFi line products are not affected since firmware v2.4.3. Firmware v2.4.2 is partially affected and all versions prior to that are affected. All airMAX AC and M series products have fixes for the majority of WPA2 rekeying issues since v8.4.0 (AC series) and v6.0.7 (M series). Additional improvements will fully resolve the issue with v8.4.2/v6.1.2. Furthermore, our proprietary airMAX protocol makes simple attacks more difficult. References: https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100 https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522 All UniFi Access Point products are not affected by the WPA PTK issues with firmware 3.9.3 and above, but are affected by the 11r/FT issue, where 11r/FT is still in beta. Reference: https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/ba-p/2099365

                                                                                                                                                            Vendor Information

                                                                                                                                                            We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                            Vendor References

                                                                                                                                                            Ubuntu

                                                                                                                                                            Notified:  August 28, 2017 Updated: October 16, 2017

                                                                                                                                                            Status

                                                                                                                                                              Affected

                                                                                                                                                            Vendor Statement

                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                            Vendor Information

                                                                                                                                                            We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                            Vendor References

                                                                                                                                                            Unisys

                                                                                                                                                            Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                                            Status

                                                                                                                                                              Unknown

                                                                                                                                                            Vendor Statement

                                                                                                                                                            No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                            Vendor References

                                                                                                                                                              VMware

                                                                                                                                                              Notified:  August 28, 2017 Updated: October 16, 2017

                                                                                                                                                              Statement Date:   October 13, 2017

                                                                                                                                                              Status

                                                                                                                                                                Not Affected

                                                                                                                                                              Vendor Statement

                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                              Vendor Information

                                                                                                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                              Volumio

                                                                                                                                                              Updated:  October 23, 2017

                                                                                                                                                              Status

                                                                                                                                                                Affected

                                                                                                                                                              Vendor Statement

                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                              Vendor Information

                                                                                                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                              Vendor References

                                                                                                                                                              Watchguard Technologies, Inc.

                                                                                                                                                              Updated:  October 16, 2017

                                                                                                                                                              Status

                                                                                                                                                                Affected

                                                                                                                                                              Vendor Statement

                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                              Vendor Information

                                                                                                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                              Vendor References

                                                                                                                                                              Welch Allyn

                                                                                                                                                              Notified:  August 30, 2017 Updated: September 25, 2017

                                                                                                                                                              Status

                                                                                                                                                                Unknown

                                                                                                                                                              Vendor Statement

                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                              Vendor Information

                                                                                                                                                              We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                              Wind River

                                                                                                                                                              Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                                              Status

                                                                                                                                                                Unknown

                                                                                                                                                              Vendor Statement

                                                                                                                                                              No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                              Vendor References

                                                                                                                                                                WizNET Technology

                                                                                                                                                                Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                                                Status

                                                                                                                                                                  Unknown

                                                                                                                                                                Vendor Statement

                                                                                                                                                                No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                Vendor References

                                                                                                                                                                  Xiaomi

                                                                                                                                                                  Notified:  August 28, 2017 Updated: October 23, 2017

                                                                                                                                                                  Status

                                                                                                                                                                    Affected

                                                                                                                                                                  Vendor Statement

                                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                  Vendor Information

                                                                                                                                                                  We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                                  Vendor References

                                                                                                                                                                  Xilinx

                                                                                                                                                                  Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                                                  Status

                                                                                                                                                                    Unknown

                                                                                                                                                                  Vendor Statement

                                                                                                                                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                  Vendor References

                                                                                                                                                                    Xirrus

                                                                                                                                                                    Updated:  October 23, 2017

                                                                                                                                                                    Status

                                                                                                                                                                      Affected

                                                                                                                                                                    Vendor Statement

                                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                    Vendor Information

                                                                                                                                                                    We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                                    Vendor References

                                                                                                                                                                    Zebra Technologies

                                                                                                                                                                    Notified:  September 01, 2017 Updated: October 30, 2017

                                                                                                                                                                    Statement Date:   October 30, 2017

                                                                                                                                                                    Status

                                                                                                                                                                      Affected

                                                                                                                                                                    Vendor Statement

                                                                                                                                                                    https://www.zebra.com/us/en/support-downloads/lifeguard-security.html

                                                                                                                                                                    Vendor Information

                                                                                                                                                                    We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                                    Vendor References

                                                                                                                                                                    Zephyr Project

                                                                                                                                                                    Notified:  August 28, 2017 Updated: August 28, 2017

                                                                                                                                                                    Status

                                                                                                                                                                      Unknown

                                                                                                                                                                    Vendor Statement

                                                                                                                                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                                                                                                                                    Vendor References

                                                                                                                                                                      ZyXEL

                                                                                                                                                                      Notified:  August 28, 2017 Updated: October 13, 2017

                                                                                                                                                                      Statement Date:   October 13, 2017

                                                                                                                                                                      Status

                                                                                                                                                                        Affected

                                                                                                                                                                      Vendor Statement

                                                                                                                                                                      Thanks for bringing it to our attention prior to disclosure. We have identified a list of models vulnerable to the issue(s) and are now working on the fixes. Please find the details here: http://www.zyxel.com/support/announcement_wpa2_key_management.shtml

                                                                                                                                                                      Vendor Information

                                                                                                                                                                      We are not aware of further vendor information regarding this vulnerability.

                                                                                                                                                                      Vendor References

                                                                                                                                                                      View all 183 vendors View less vendors