A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victims BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.
Weakness
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Arubaos | Arubanetworks | 6.5.4.0 (including) | 8.10.0.21 (including) |
| Arubaos | Arubanetworks | 8.11.0.0 (including) | 8.12.0.6 (including) |
| Arubaos | Arubanetworks | 8.13.0.0 (including) | 8.13.1.1 (including) |
| Arubaos | Arubanetworks | 10.3.0.0 (including) | 10.4.1.10 (including) |
| Arubaos | Arubanetworks | 10.5.0.0 (including) | 10.7.2.2 (including) |
| Arubaos | Arubanetworks | 10.8.0.0 (including) | 10.8.0.0 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/466.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/589.html
- https://cwe.mitre.org/data/definitions/590.html
- https://cwe.mitre.org/data/definitions/612.html
- https://cwe.mitre.org/data/definitions/613.html
- https://cwe.mitre.org/data/definitions/615.html
- https://cwe.mitre.org/data/definitions/662.html
- https://cwe.mitre.org/data/definitions/94.html
References
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US