Nine vulnerabilities have been identified in Stryker Medical Beds. The vulnerabilities could be exploited in a man-in-the-middle attack by an attacker within radio range of vulnerable product to replay, decrypt, or spoof frames.
The vulnerabilities are present in the four-way handshake used by WPA and WPA2 wireless security protocols which allow nonce reuse in Key Reinstallation (KRACK) attacks. Similar vulnerabilities have been identified in a wide range of wireless devices.
The nine vulnerabilities are summarized below:
- CVE-2017-13077: Reinstallation of pairwise key in the four-way handshake.
- CVE-2017-13078: Reinstallation of group key in the four-way handshake.
- CVE-2017-13079: Reinstallation of Integrity Group Temporal Key in the four-way handshake.
- CVE-2017-13080: Reinstallation of group key in the group key handshake.
- CVE-2017-13081: Reinstallation of Integrity Group Temporal Key in the group key handshake.
- CVE-2017-13082: Reinstallation of Pairwise Transient Key Temporal Key in the fast BSS transmission handshake.
- CVE-2017-13086: Reinstallation of Tunneled Direct-Link Setup Peer Key in the Tunneled Direct-Link Setup handshake.
- CVE-2017-13087: Reinstallation of the Group Temporal Key when processing a Wireless Network Management Sleep Mode Response frame.
- CVE-2017-13088: Reinstallation of the Integrity Group Temporal Key when processing a Wireless Network Management Sleep Mode Response frame.
The group of vulnerabilities have collectively been assigned a CVSS v3 base score of 6.8 – Medium severity. The flaws were identified by Mathy Vanhoef of imec-DistriNet, KU Leuven and reported to the National Cybersecurity & Communications Integration Center (NCCIC).
Mitigations
Software updates have been released by Stryker to mitigate the vulnerabilities:
- Users of Gateway 2.0 should upgrade to software version 5212-400-905_3.5.002.01
- Users of Gateway 3.0 should upgrade to software version 5212-500-905_4.3.001.01
No patch is available for Gateway 1.0.
Additional measures can also be taken to reduce the risk of exploitation of the vulnerabilities. These include disabling iBed functionality if it is not being used, operating the products on a separate VLAN, and applying updates that include the KRACK patch to wireless access points.
The post Patches Released to Mitigate Stryker Medical Bed KRACK Vulnerabilities appeared first on HIPAA Journal.