Hewlett Packard Enterprise Product Security Vulnerability Alerts
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 – Also Known as the Krack Attack
Version 2.0 : Last Updated: October 25th, 2017
This website is updated frequently, as new product information becomes available.
On October 16, 2017, security researchers Mathy Vanhoef and Frank Piessens described vulnerabilities in Wi-Fi Protected Access II (WPA2) by publishing a research paper, "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2". Certain Vulnerable WPA2 handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or wireless client. This allows for an attacker within range of an affected AP and wireless client to execute arbitrary packet decryption, packet injection, TCP connection hijacking, and HTTP content injection.
This vulnerability has the following CVEs assigned: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088.
Hewlett Packard Enterprise is currently evaluating its products to determine which ones may be impacted by this vulnerability. This list will be updated as new information is received.
- Resources
- HPE Vulnerability Homepage
- NVD Website
Usage Instructions and Definitions for CVE Vulnerability Information |
|
Data |
Definition |
Product Family |
High-level product
description. |
Product Name |
Detailed product
description. |
CVE-XXXX |
Indicates whether
the specific product is affected by the cited vulnerability. |
(Impacted Y/N) |
|
If Impacted |
Information
regarding how to address a vulnerability. |
Mitigation Info |
|
Link to Security Bulletin |
Link to HPE's
Security Bulletin |
Use the following table to find vulnerability information.
Product Category
|
Product Sub- Category |
Product Name |
HTTPoxy (impacted
Y/N) |
If Impacted -
Mitigation |
Link(s) to
security bulletin (PSRT or Vendor) |
Aruba |
Aruba Network |
Aruba OS |
Yes |
Refer to the Security Bulletin |
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt |
HPE Aruba |
Aruba Network |
Aruba Instant |
Yes |
Refer to the Security Bulletin |
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt |
Aruba |
HPE OfficeConnect |
HPE OfficeConnect R-Series Wireless |
Yes |
Refer to the Security Bulletin |
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt |
HP |
HP |
HP PS110 Wireless |
Yes |
Refer to the Security Bulletin |
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt |
HPE Aruba |
HPE |
HPE M111 |
Yes |
Refer to the Security Bulletin |
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03792en_us |
HPE Aruba |
Aruba Network |
Aruba/HPE 501 Client Bridge |
Yes |
Refer to the Security Bulletin |
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03792en_us |
Aruba |
HPE OfficeConnect |
HPE OfficeConnect M-Series Wireless |
No |
|
|
Aruba |
Aruba Network |
Aruba ClearPass |
No |
|
|
Aruba |
Aruba Network |
Aurba
Airwave |
No |
|
|
HPE Aruba |
HPE Network |
HPE MSM Wireless |
No |
|
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00029151en_us |
DCIG |
HPE Network |
PVOS Legacy |
No |
|
|
DCIG |
HPE Network |
ProVision
Switches |
No |
|
|
HPE Aruba |
Aruba Network (H3C) |
HPE MSR93X Router Series |
No |
|
|
HPE Aruba |
Aruba Network (H3C) |
HPE MSR95X Router Series |
No |
|
|
HPE Aruba |
Aruba Network (H3C) |
HPE 802.11b/g/n Wireless AP SIC Module |
No |
|
|
DCIG |
H3C Network |
Comware
v5 |
No |
|
|
DCIG |
H3C Network |
Comware
v7 |
No |
|
|
DCIG |
H3C Network |
Intelligent Management Center (IMC) |
No |
|
|
DCIG |
H3C Network |
SecBlade
SSL VPN (Comware v3) |
No |
|
|
HPE Aruba |
HPE Networks |
HPE Unified Wireless Solutions |
No |
|
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00029151en_us |
DCIG |
H3C Network |
VoIP (VCX) |
No |
|
|
DCIG |
HPE Network |
SDN Applications |
No |
|
|
DCIG |
HPE Network |
SDN Controller |
No |
|
|
DCIG |
H3C Network |
HP Small Biz Network (SBN) solutions |
No |
|
|
DCIG |
H3C Network |
vSwitch |
No |
|
|
DCIG |
XP Storage |
HP XP7 Storage System Service Processor |
No |
|
|
DCIG |
XP Storage |
HP XP P9500 Disk Array Service Processor |
No |
|
|
DCIG |
XP Storage |
HP XP24000/XP20000 Disk Array Service Processor |
No |
|
|
DCIG |
XP Software |
HPE XP7 Performance Advisor Software v7.x |
No |
|
|