Synology-SA-17:60 KRACK
Publish Time: 2017-10-16 19:38:38 UTC+8
Last Updated: 2018-01-12 15:31:26 UTC+8
- Severity: Important
- Status: Resolved
Abstract
Multiple security vulnerabilities have been found in the WPA2 protocol that might allow man-in-the-middle attackers to hijack all network traffic through a vulnerable version of Synology DiskStation Manager (DSM) or Synology Router Manager (SRM).
These vulnerabilities do not affect Synology DiskStation Manager (DSM) on devices without a Wi-Fi dongle installed.
Severity
- Impact: Important
- CVSS3 Base Score: 8.1
- CVSS3 Base Metrics: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected
- Products
  - DSM 6.1
  - DSM 6.0
  - DSM 5.2
  - SRM 1.1
- Models
  - All Synology models
Description
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Mitigation
None
Update Availability
To fix the security issue, please update DSM 6.1 to 6.1.3-15152-8 or above, DSM 6.0 to 6.0.3-8754-6 or above, and SRM 1.1 to 1.1.5-6542-3 or above.
For DSM 5.2, please update DSM to 6.0.3-8754-6 or above.
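The following is an added example, not Synology code: a fleet check that compares installed versions against the fixed releases listed above and applies the advisory's Wi-Fi dongle exception for DSM. The `major.minor[.patch]-build[-update]` string form, the function names and the inventory entries are assumptions made for illustration.

```python
import re

# Fixed releases, copied from the advisory's "Update Availability" section.
# DSM 5.2 has no fixed 5.2 build listed; the advisory sends it to 6.0.3-8754-6.
FIXED = {
    ("DSM", (6, 1)): "6.1.3-15152-8",
    ("DSM", (6, 0)): "6.0.3-8754-6",
    ("DSM", (5, 2)): "6.0.3-8754-6",
    ("SRM", (1, 1)): "1.1.5-6542-3",
}

# Assumed string form: major.minor[.patch]-build[-update], as the advisory writes it.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:-(\d+))?$")


def parse_version(text):
    """Turn a version string into a tuple; missing patch/update count as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def assess(product, version, wifi_dongle=True):
    """Return (status, required_version) for one device."""
    product = product.upper()
    installed = parse_version(version)
    # Per the advisory, DSM without a Wi-Fi dongle is not affected.
    if product == "DSM" and not wifi_dongle:
        return ("not_affected", None)
    fixed = FIXED.get((product, installed[:2]))
    if fixed is None:
        return ("not_listed", None)  # branch not named in the advisory
    if installed >= parse_version(fixed):
        return ("fixed", None)
    return ("vulnerable", fixed)


# Constructed inventory: (host, product, version, has Wi-Fi dongle).
INVENTORY = [
    ("nas-01", "DSM", "6.1.3-15152-4", True),
    ("nas-02", "DSM", "6.0.3-8754-6", True),
    ("nas-03", "DSM", "5.2-5967-4", True),
    ("nas-04", "DSM", "6.1.2-15132", False),
    ("rt-01", "SRM", "1.1.4-6509", True),
]

if __name__ == "__main__":
    for host, product, version, dongle in INVENTORY:
        print(host, product, version, *assess(product, version, dongle))
```

A `not_listed` result means only that the advisory does not name that release branch; it is not a statement that the branch is fixed.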
Reference
- https://www.krackattacks.com/
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13078
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13079
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13080
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13081
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13082
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13084
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13085
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13086
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13087