Cisco Meraki – Action Required: Critical Security Update for 802.11r
Dear Meraki Customer,
We are reaching out to inform you of a new security vulnerability that has been recently discovered. The vulnerability has been documented as CVE-2017-13082 and makes Access Points with 802.11r enabled vulnerable to attacks. Customers that do not use 802.11r are not impacted.
The fix for the vulnerability is available in firmware versions MR 24.11 and MR 25.7. More information can be found here. You can upgrade your networks using the new ‘Firmware Upgrade Tool’ if you are not currently running these patched versions. Optionally, you can skip this version of firmware but this is notrecommended. If you choose to skip upgrading to the latest firmware, we strongly urge you to disable 802.11r. You can disabled 802.11r for an SSID from the ‘Access Control’ page in dashboard.
A list of affected networks for your organization named Shiloh Marketing Services Pty Ltd is available here.
Regards,
Cisco Meraki
