| PageIdMakro |
|---|
| Seiteneigenschaften |
|---|
Description:
This document provides further information on the WLAN vulnerabilities listed in the paper "Framing Frames" (CVE-2022-47522).
| Info |
|---|
Our official safety message on this topic is available on our website. |
Topic 1: "Overriding the Victims Security Context / MAC address stealing attacks"
This attack scenario can occur in networks where WLAN clients are not allowed to communicate with each other and 802.1X authentication is performed at the same time. A potential attacker must already be authenticated as a participant in the network and thus have access data for the WLAN network.
...
Furthermore, in scenarios with a single access point or WLAN router, the attack can be prevented by activating the function "Protected Management Frames" (see reference manuals LCOS or LCOS LX).
Topic 2: "Leaking frames from the Queue"
Due to a weakness in the implementation of some WLAN stacks, a cloned MAC address is used to suggest to the access point that the device is in power-saving mode. The packets withheld by the access point due to power-saving are then delivered unencrypted.
LANCOM WLAN products with LCOS and LCOS LX are not affected by this behaviour.
Topic 3: "Abusing the queue for Network Disruptions"
By means of a cloned MAC address, it is suggested to the access point that the device is in power-saving mode. If this state is not resolved, a denial-of-service attack occurs because the victim can no longer communicate with the access point. This attack is based on an implementation-independent weakness of the 802.11 standard.
...