.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
Medium
Multiple Vulnerabilities (AKA FragAttacks) in WiFi Specification
CVE(N)
CVE-2020-24586
CVE-2020-24587
CVE-2020-24588
PRODUCTO(S)
Sophos Firewall
Sophos UTM
Sophos Wireless
Actualizado
2021 May 12
Versión del artículo
1
Publicado
2021 May 12
ID de publicación
sophos-sa-20210512-fragattacks
Solución alternativa
No
Overview
On May 12, 2021, the researcher Mathy Vanhoef released a security advisory disclosing multiple medium severity CVEs for the 802.11 Wireless Network Specification, which is applicable to a wide variety of WiFi products. These vulnerabilities can be triggered by an adjacent attacker. If exploited, these vulnerabilities may lead to information disclosure under certain conditions, as well as unauthorized participation in a vulnerable network.
Sophos customers using any of the products mentioned below are impacted. If you are not using these products, you are not impacted.
Applies to the following Sophos product(s) and version(s)
- Sophos Firewall (XG and XGS) products with both integrated and add-on WiFi modules
- Sophos UTM (SG) products with both integrated and add-on WiFi modules
- APX 120, APX 320/X, APX 530, APX 740 access points (all management platforms)
- AP 100/C/X, AP 55/C, AP 15/C access points (all management platforms)
- RED and SD-RED with both integrated and add-on WiFi modules
Remediation
Sophos is working on porting available patches to the impacted firmware versions for all of the products above.
Update Timelines
| XG(S)/SG managed APX (APX120, APX320, APX530, APX740) | End July 2021 |
| XGS Integrated Wi-Fi and Optional Wi-Fi module | Early Aug 2021 |
| Central managed APX (APX120, APX320/X, APX530, APX740) | End Aug 2021 |
| Central managed AP (AP100/C/X, AP55/C, AP15/C) | End Aug 2021 |
| XG(S)/SG managed RED and SD-RED Wi-Fi | End Sep 2021 |
| XG Integrated Wi-Fi and Optional Wi-Fi module v18.x | End Sep 2021 |
| XG Integrated Wi-Fi and Optional Wi-Fi module v17.5 | Mid Oct 2021 |
| XG(S)/SG managed AP (AP100/C/X, AP55/C, AP15/C) | Mid Oct 2021 |
| SG Integrated Wi-Fi and Optional Wi-Fi module | End Nov 2021 |
Related Information
Sophos Responsible Disclosure Policy
To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.