BugZero | Cisco BugID CSCvp21915 - RSN IE length mismatch between assoc and EAPOL-M2 ...

OPERATIONAL DEFECT DATABASE

...

BugZero | Cisco BugID CSCvp21915 - RSN IE length mismatch between assoc and EAPOL-M2 ...

Cisco - Defect ID: CSCvp21915

RSN IE length mismatch between assoc and EAPOL-M2 frame

Cisco - Defect ID: CSCvp21915

RSN IE length mismatch between assoc and EAPOL-M2 frame

Last updated on July 28th, 2022

BugZero Risk Score
6.2 Medium

Overall: 6.2

Severity: 6.4

Lifecycle: 9.1

Popularity: 6.0

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

Older device attempting to use WPA2 to associate to WPA2/AES only WLAN. Client debugs show mismatch between association frame RSN IE and EAPOL-M2 frame RSN IE (length) as shown in example below: *Dot1x_NW_MsgTask_0: Apr 03 17:49:07.862: 00:40:17:6b:4d:90 Compare RSN IE in association and EAPOL-M2 frame(rsnie_len :20, and grpMgmtCipherLen:0) *Dot1x_NW_MsgTask_0: Apr 03 17:49:07.862: 00:40:17:6b:4d:90 rsnieCapabilty = 0 rsnie_len =20 *Dot1x_NW_MsgTask_0: Apr 03 17:49:07.862: 00:40:17:6b:4d:90 EAPOL-key M2 with invalid RSN IE received from mobile 00:40:17:6b:4d:90 rxed IE len :20, rxed IE length in association:22 rsnie_len to compare = 20 *Dot1x_NW_MsgTask_0: Apr 03 17:49:07.862: 00:40:17:6b:4d:90 Dumping RSNIE received in Association request(len = 22): *Dot1x_NW_MsgTask_0: Apr 03 17:49:07.862: 00000000: 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 0............... *Dot1x_NW_MsgTask_0: Apr 03 17:49:07.862: 00000010: 00 0f ac 02 28 00 ....(. *Dot1x_NW_MsgTask_0: Apr 03 17:49:07.862: 00:40:17:6b:4d:90 Dumping RSNIE received in EAPOL M2 (len = 20): *Dot1x_NW_MsgTask_0: Apr 03 17:49:07.862: 00000000: 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ................ *Dot1x_NW_MsgTask_0: Apr 03 17:49:07.862: 00000010: ac 02 00 00 ....

Conditions

Older device attempting to use WPA2 to associate to WPA2/AES only WLAN on 8.5.140.0 code.

Workaround

Utilize older code such as 8.2.170.2 which works fine or configure device to be WPA only and modify WLAN to be WPA/TKIP + WPA2/AES. We have introduced a new CLI to enable/disable RSN Capability validation. By default it will be enabled. (Cisco Controller) >config advanced eap rsn-capability-validation enable Enables RSN Capability validation disable Disables RSN Capability validation

Further Problem Description

Same device and same configuration works on 8.2.170.2 but does not work on 8.5.140.0.

Change history

2022-07-28 Added: 8.5.140.0

Links

Original Vendor Announcement

Relevant Products

Click on a version to see all relevant bugs

Affected versions:8.5.140.0

Fixed versions: 8.10.104.127, 8.10.104.148, 8.10.105.0, 8.10.112.0, 8.10.113.0, 8.10.120.0, 8.10.121.0, 8.10.122.0, 8.10.130.0, 8.10.142.0, 8.10.151.0, 8.10.162.0, 8.10.171.0, 8.5.151.0, 8.5.151.3, 8.5.151.4, 8.5.152.102, 8.5.160.0, 8.5.161.0, 8.5.164.0, 8.5.171.0, 8.5.182.0

Relevant Products

Click on a version to see all relevant bugs

Affected versions:8.5.140.0

Top Cisco Defects

9.7Defect ID: CSCwh87343
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
9.7Defect ID: CSCwf08698
Cat9k Crashes Unexpectedly due to a Fault in the 'TLSCLIENT_PROCESS'
9.7Defect ID: CSCvm90995
ASR1000-RP2: Rommon fails to boot Cisco IOS software of 1GB size
9.7Defect ID: CSCvx32806
Access Points stuck in bootloop due to image checksum verification failed
9.7Defect ID: CSCwc94466
Cisco ASA/FTD Firepower 2100 SSL/TLS Denial of Service Vulnerability

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvp21915

RSN IE length mismatch between assoc and EAPOL-M2 frame

Cisco - Defect ID: CSCvp21915

RSN IE length mismatch between assoc and EAPOL-M2 frame

Last updated on July 28th, 2022

BugZero Risk Score6.2 Medium

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.2 Medium