|Tracking ID:||CVE-2017-13077 through CVE-2017-13088|
On 16 October 2017, security researchers from the University of Leuven disclosed a vulnerability in the WPA and WPA2 wireless encryption standards that could allow an attacker to decrypt wireless traffic from a vulnerable client. These are protocol-level vulnerabilities and are assumed to affect all industry implementations of the standard in wireless infrastructure devices and wireless clients. This security flaw means that, for vulnerable clients and access points, WPA and WPA2-encrypted Wi-Fi traffic is no longer secure until certain steps are taken to remediate the issue. The Wi-Fi data stream, including passwords and personal data, can be intercepted, decrypted, and modified without a user's knowledge.
All WatchGuard products with wireless functionality are affected by this vulnerability:
No workaround exists at this time.
Updates are available for Fireware and WatchGuard APs to address the vulnerabilities: