Aruba Networks and Lancom have joined Cisco in announcing their investigations into a recently-discovered vulnerability in the 802.11 protocol.
Aruba broke its silence by saying that "all currently supported ArubaOS, Aruba Instant/InstantOS and Aruba Instant On software versions are affected by this vulnerability.”
Products that inherit the vulnerability are ArubaOS wi-fi controllers and campus/remote access points, instant access points, ArubaOS 10 access points, Aruba Instant On, and the 501 wireless bridge.
“Initial evidence indicates that an attacker needs to be authenticated to the wi-fi network using valid credentials before being able to carry out the attack," the vendor said.
"This would imply that the vulnerability requires an insider threat to be exploited."
Because an attacker needs to be authenticated, the company rated the severity of the bug as “low”.
In its response, Lancom doesn’t score the vulnerability, but said it is “reviewing the implementation of additional security measures to prevent the execution of this attack in general”.
.png&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
