This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

FragAttacks Security Vulnerability - RUCKUS Technical Support Response Center

grodog-prod
Contributor II

‎05-11-2021 11:06 AM

At 11:00am PDT today, the Wi-Fi Alliance announced a new Wi-Fi security vulnerability, FragAttacks.

The FragAttacks - RUCKUS Technical Support Response Center is our central web page that brings together all of the RUCKUS-related information you need to address FragAttacks, including:

In addition, the RUCKUS senior technology leadership has prepared resources to explain the nature and impact of the FragAttacks vulnerabilities, including technical blogs, videos, and podcasts.  These are all linked on the FragAttacks - RUCKUS Technical Support Response Center web page.

Please use this thread as a central location for your FragAttacks questions and concerns.  Doing so will help to ensure that we can respond as quickly as possible to your issues as you raise them. 

Thank you!

Allan Grohe

Allan T. Grohe Jr.
==
Knowledge Management Program Director
for RUCKUS Customer Services & Support
44 REPLIES 44

hendri_marzuki
New Contributor II
In response to syamantakomer

‎05-17-2021 02:53 PM

Thank you! Much appreciated!

0 Kudos

syamantakomer
Community Admin
Community Admin

‎05-17-2021 08:44 AM

Hi All,

Fix for ZD 10.2.1 has been released on our support site.

RUCKUS ZoneDirector 10.2.1.0.200 (MR1 Refresh7):

  1. ZD1200 @ https://support.ruckuswireless.com/software/2995-zd1200-10-2-1-0-200-mr1-refresh7-software-release
  2. ZD3000 @ https://support.ruckuswireless.com/software/2996-zd3000-10-2-1-0-200-mr1-refresh7-software-release
  3. MIBs @ https://support.ruckuswireless.com/software/2997-zonedirector-10-2-1-0-200-mr1-refresh7-snmp-mibs-zi...
  4. Release Notes
    https://support.ruckuswireless.com/documents/3729-zonedirector-10-2-1-mr1-refresh7-release-notes

 

Our FragAttacks support page also updated with this information.

https://support.ruckuswireless.com/fragattacks-ruckus-technical-support-response-center


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn

eizens_putnins
Valued Contributor II

‎05-17-2021 12:47 PM

Hi,

I want to emphasize, that normally new firmware can't be installed if ZD isn't under active support. In Release Note is stated that for some time this check is suspended, to allow patching all systems, with or without support.

It is really very responsible step from Ruckus and must be clearly stated in BIG LETTERS on the same page with list of download links to encourage immediate action! 

What about version 9.8-9.9 --  as Ruckus APs have a very long useful life, there are still many 802.11n networks in operation and even 802.11g - it is extreme, but there is a network with ZF2942 APs (in 4star hotel, installed by us in 2007, and still "good enough not to be replaced yet" for hotel management!). Of cause, these networks have no support, as they can't upgrade to the latest versions anyway (APs and even controllers are not supported).

Are there any plans to get patches to version 9.9 or similar, which allows managing older APs? At least for version supporting ZF7372/52, ZF7982, etc.

I know that it is better to replace them, but it is not going to happen for quit a while.  As far as 802.11n service is still acceptable, they will stay around, secure or not.

There is, of cause, question about patch efficiency --  as you can never guarantee that all devices connected to network are patched, is patching a network really efficient? I understand, that without patching APs, you can't fix the vulnerability at all, but if there is a big part of unpatched clients,  will this provide any real improvement?

For really critical networks -- is there a way to block vulnerable clients on WiFi level, or the only chance for that is NAC?

syamantakomer
Community Admin
Community Admin
In response to eizens_putnins

‎05-17-2021 01:23 PM

Hi @eizens_putnins ,

Most of the queries above are already answered in our FragAttack support page.

Please refer the page from here.

I am trying to answer a few queries here.

  1. Yes you can upgrade the ZD even if you don't have support entitlement. Try to sync license online from ZD, or reachout to support and request for temporary entitlement.
  2. Without patching APs and clients, fix is useless, so yes, both side devices needs to be patched.
  3. However, there are some vulnerabilities which can be patched just by APs but not all, hence patching both sides is strongly recommended.
  4. It could be hard to patch already EOS/EOL devices. I am still checking this internally.

You can refer detailed information on FragAttach support page.


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn
Copyright © 2024 Khoros, LLC