PSIRT Advisories

Multiple Products - Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification (FragAttacks)

Summary

On May 11th, 2021, Mathy Vanhoef (New York University Abu Dhabi) published a new paper, Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation, on a number of vulnerabilities in the base 802.11 protocol (802.11 is the standard that Wi-Fi is built on). The paper discloses three design flaws in the 802.11 standard and nine common implementation flaws related to aggregation and fragmentation functionality.

These vulnerabilities could allow an attacker to forge encrypted frames, which could in turn enable the exfiltration of sensitive data from a targeted device.

Affected Products

FortiAP versions 4.x, 5.x, 6.x and 7.0.1

FortiAP-C versions 5.4.0 through 5.4.3

FortiAP-S versions 5.x and 6.x below 6.4.6

FortiAP-U versions 5.x and 6.x below 6.2.1

FortiAP-W2 versions 5.x, 6.x and 7.0.0

Meru AP versions 6.x, 7.x and 8.x below 8.6.1

FortiWiFi versions 7.0.1 and below

Solutions

FortiAP: Fix in version 7.0.2
FortiAP: Fix in version 6.4.7

FortiAP-C: Fix in version 5.4.3

FortiAP-S: Fix in version 6.4.7

FortiAP-U: Fix in version 6.2.2

FortiAP-W2: Fix in version 7.0.1
FortiAP-W2: Fix in version 6.4.7

FortiWiFi: Fix in version 7.0.2

Meru AP: Fix in version 8.6.2
Meru AP: Fix in version 8.5.5

References