Any response yet ?

I have also asked internally if we are vulnerable for the Frag attack. Having said that, all attacks can only be launched from the internal network. The vulnerabilities are using 802.11 design flaws on frame aggregation and fragmentation. Once we know more about risk, severity, exploitation factor etc. I will update you all. 

Hi

There are several CVE there which are based on the 802.11 standard design, (and flaws) which are related to the way the standard handles frame aggregation and fragmentation.

We are working with the WiFi Vendor, and once fixes will be available, we will deploy them.

First analysis suggest you may be vulnerable only in close proximity as the described attacks can only carried out from the internal wireless network and therefore require physical proximity.   

Any updates? Many other companies already provude fixes.

I assume you have a TAC case open on this, correct?

No, I was referring to Amir, who said, that CP is working with the vendors on it.

Hi Guys

TAC was updated, so i wonder why the message didn't convey..

Anyway -

we have a fix ready, and it will be available on the next SMB release. (R80.20.30 - around the first week of July)

If your need a solution sooner, we can deliver a jumbo fix on top of R80.20.25. please contact TAC

Thanks

Hi Amir aware for R80.20. for CP 1500 series +  

My inquiry is specific to R77.20.87 for those that are still running on CP1400 series??  did open with TAC and it's unknown?

Hi Amir,

thank you for the update!

What about the 1400s (77.20.87) and the 1100s (77.20.80), which are both still covered by support?

Is there any SK for these issues?

Amir, does this apply for SMB 1400 series appliances that also have the integrated WiFi.  I see talks about 1500 series hope no one is forgetting the others. 

Pls advise.

Did they say anything? I also looked at below link, but cant find much for this

2021 | Check Point Software

no info as of yet from CP.

I would definitely bring that up to someone in TAC, because any vendor should and must have response to things like this.

already did...but it's no show response or unknown response for now.

@Naftali_Oziel , @pnormanmtvh you have your answer

Thanks all for the discussion and responses,

So as I understand it to mitigate these wi-fi vulnerabilities we can upgrade our 1590's to either:

• R80.20.25 Build 992002136 for 1500 Appliances - Question: Is this a GA release?
• R80.20.30 (SK173185) - https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

It is likely that we will upgrade directly up to R80.20.30 due to Build 992002136 not appearing as a valid build on the sk171824 page.

Thanks

Incidentally, will Checkpoint be responding publicly to the ICASI statement with the fixes located at: https://www.icasi.org/aggregation-fragmentation-attacks-against-wifi/ ?

Yes, either is fine.

Thanks for the 700/900/1400 firmware why is it older than the current GA?  Does that make sense?

it's not older

its a jumbo_hf based on  latest jumbo release.

sequence number is different because it's a different branch (until a new public jumbo GA will be available)

Ok so it contains all fixes from B3083 GA?

yes

Thank you, no fix for the 1100s?

Will there be a fix for the 1100s?

Hi Steffen

to fix it a patch is needed from the WiFi Vendor. for the 1100, the driver is very old, and doesn't get frequently updated, so currently, there is no fix. if things will change, I'll update.

Any news for the 1100s?