Earlier this week, several large implementation flaws were found in the Wi-Fi Protected Access (WPA) protocol which is used for encryption of wi-fi networks. The vast majority of wi-fi devices in the world are affected.
For general information about the vulnerability, please see:
https://www.krackattacks.com/
10 Common Vulnerability and Exposure (CVE) alerts were issued in response to this vulnerability. According to Cisco, 9 of these CVEs are exploited on the wi-fi client side and the remaining 1 is exploited on the infrastructure/AP side.
For the 9 client-side CVEs, users will need to update their client drivers and software to close the vulnerability. Many operating systems and hardware manufacturers have already made patches available. **Failure to patch your wireless devices may result in others being able to intercept and read any data you transmit over the wireless network.**
For the 1 infrastructure-side CVE, we currently expect Cisco to release a patch on Monday the 23rd. Previously the ETA was today, and we intended to patch over the weekend. Another IRIS News item will be posted once we have downloaded the patch file and scheduled a maintenance window.