Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification (FragAttacks)
Summary
On May 11th, 2021, Mathy Vanhoef (New York University Abu Dhabi) published a new paper, "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation", describing a number of vulnerabilities in the base 802.11 protocol, the standard that Wi-Fi is built on. The paper discloses three design flaws in the 802.11 standard and nine common implementation flaws related to aggregation and fragmentation functionality.
These vulnerabilities could allow an attacker to forge encrypted frames, which could in turn enable the exfiltration of sensitive data from a targeted device.
Product and branch | Affected versions | Solution |
---|---|---|
FortiAP 7.0 | 7.0.0 through 7.0.1 | Upgrade to 7.0.2 or above |
FortiAP 6.4 | 6.4.3 through 6.4.6 | Upgrade to 6.4.7 or above |
FortiAP 6.0 | 6.0 all versions | Migrate to a fixed release |
FortiAP 5.6 | 5.6 all versions | Migrate to a fixed release |
FortiAP 5.4 | 5.4 all versions | Migrate to a fixed release |
FortiAP 5.3 | 5.3 all versions | Migrate to a fixed release |
FortiAP 5.2 | 5.2 all versions | Migrate to a fixed release |
FortiAP 5.0 | 5.0 all versions | Migrate to a fixed release |
FortiAP 4.3 | 4.3 all versions | Migrate to a fixed release |
FortiAP 4.2 | 4.2 all versions | Migrate to a fixed release |
FortiAP-C 5.4 | 5.4.0 through 5.4.2 | Upgrade to 5.4.3 or above |
FortiAP-C 5.2 | 5.2 all versions | Migrate to a fixed release |
FortiAP-S 6.4 | 6.4.0 through 6.4.6 | Upgrade to 6.4.7 or above |
FortiAP-S 6.2 | 6.2 all versions | Migrate to a fixed release |
FortiAP-S 6.0 | 6.0 all versions | Migrate to a fixed release |
FortiAP-S 5.6 | 5.6 all versions | Migrate to a fixed release |
FortiAP-S 5.4 | 5.4 all versions | Migrate to a fixed release |
FortiAP-U 6.2 | 6.2.0 through 6.2.1 | Upgrade to 6.2.2 or above |
FortiAP-U 6.0 | 6.0 all versions | Migrate to a fixed release |
FortiAP-U 5.4 | 5.4 all versions | Migrate to a fixed release |
FortiAP-W2 7.0 | 7.0.0 | Upgrade to 7.0.1 or above |
FortiAP-W2 6.4 | 6.4.0 through 6.4.6 | Upgrade to 6.4.7 or above |
FortiAP-W2 6.2 | 6.2 all versions | Migrate to a fixed release |
FortiAP-W2 6.0 | 6.0 all versions | Migrate to a fixed release |
FortiAP-W2 5.6 | 5.6 all versions | Migrate to a fixed release |
FortiAP-W2 5.4 | 5.4 all versions | Migrate to a fixed release |
FortiOS 7.0 | 7.0.0 through 7.0.1 | Upgrade to 7.0.2 or above |
FortiOS 6.6 | 6.6 all versions | Migrate to a fixed release |
FortiOS 6.4 | 6.4 all versions | Migrate to a fixed release |
FortiOS 6.2 | 6.2 all versions | Migrate to a fixed release |
FortiOS 6.0 | 6.0.0 through 6.0.17 | Migrate to a fixed release |
FortiOS 5.6 | 5.6 all versions | Migrate to a fixed release |
Meru AP 8.6 | 8.6.0 through 8.6.1 | Upgrade to 8.6.2 or above |
Meru AP 8.5 | 8.5.0 through 8.5.4 | Upgrade to 8.5.5 or above |
Meru AP 8.4 | 8.4 all versions | Migrate to a fixed release |
Meru AP 8.3 | 8.3 all versions | Migrate to a fixed release |
Meru AP 8.2 | 8.2 all versions | Migrate to a fixed release |
Meru AP 8.1 | 8.1 all versions | Migrate to a fixed release |
Timeline
2021-06-01: Initial publication
References
- The FragAttacks paper can be accessed via the following link: https://papers.mathyvanhoef.com/usenix2021.pdf
- For more information about the vulnerabilities: https://www.fragattacks.com/