Multiple Products - Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification (FragAttacks)

Summary

On May 11th, 2021, Mathy Vanhoef (New York University Abu Dhabi) published a new paper, Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation, on a number of vulnerabilities in the base 802.11 protocol (802.11 is the standard that Wi-Fi is built on). The paper discloses three design flaws in the 802.11 standard and nine common implementation flaws related to aggregation and fragmentation functionality.

These vulnerabilities could allow an attacker to forge encrypted frames, which could in turn enable the exfiltration of sensitive data from a targeted device.

Version Affected Solution
FortiAP 7.0 7.0.0 through 7.0.1 Upgrade to 7.0.2 or above
FortiAP 6.4 6.4.3 through 6.4.6 Upgrade to 6.4.7 or above
FortiAP 6.0 6.0 all versions Migrate to a fixed release
FortiAP 5.6 5.6 all versions Migrate to a fixed release
FortiAP 5.4 5.4 all versions Migrate to a fixed release
FortiAP 5.3 5.3 all versions Migrate to a fixed release
FortiAP 5.2 5.2 all versions Migrate to a fixed release
FortiAP 5.0 5.0 all versions Migrate to a fixed release
FortiAP 4.3 4.3 all versions Migrate to a fixed release
FortiAP 4.2 4.2 all versions Migrate to a fixed release
FortiAP-C 5.4 5.4.0 through 5.4.2 Upgrade to 5.4.3 or above
FortiAP-C 5.2 5.2 all versions Migrate to a fixed release
FortiAP-S 6.4 6.4.0 through 6.4.6 Upgrade to 6.4.7 or above
FortiAP-S 6.2 6.2 all versions Migrate to a fixed release
FortiAP-S 6.0 6.0 all versions Migrate to a fixed release
FortiAP-S 5.6 5.6 all versions Migrate to a fixed release
FortiAP-S 5.4 5.4 all versions Migrate to a fixed release
FortiAP-U 6.2 6.2.0 through 6.2.1 Upgrade to 6.2.2 or above
FortiAP-U 6.0 6.0 all versions Migrate to a fixed release
FortiAP-U 5.4 5.4 all versions Migrate to a fixed release
FortiAP-W2 7.0 7.0.0 Upgrade to 7.0.1 or above
FortiAP-W2 6.4 6.4.0 through 6.4.6 Upgrade to 6.4.7 or above
FortiAP-W2 6.2 6.2 all versions Migrate to a fixed release
FortiAP-W2 6.0 6.0 all versions Migrate to a fixed release
FortiAP-W2 5.6 5.6 all versions Migrate to a fixed release
FortiAP-W2 5.4 5.4 all versions Migrate to a fixed release
FortiOS 7.0 7.0.0 through 7.0.1 Upgrade to 7.0.2 or above
FortiOS 6.6 6.6 all versions Migrate to a fixed release
FortiOS 6.4 6.4 all versions Migrate to a fixed release
FortiOS 6.2 6.2 all versions Migrate to a fixed release
FortiOS 6.0 6.0.0 through 6.0.17 Migrate to a fixed release
FortiOS 5.6 5.6 all versions Migrate to a fixed release
Meru AP 8.6 8.6.0 through 8.6.1 Upgrade to 8.6.2 or above
Meru AP 8.5 8.5.0 through 8.5.4 Upgrade to 8.5.5 or above
Meru AP 8.4 8.4 all versions Migrate to a fixed release
Meru AP 8.3 8.3 all versions Migrate to a fixed release
Meru AP 8.2 8.2 all versions Migrate to a fixed release
Meru AP 8.1 8.1 all versions Migrate to a fixed release
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Timeline

2021-06-01: Initial publication

References