
[CVE-2022-47522] MacStealer: Wi-Fi Client Isolation Bypass


Twibow


Posted

Hello,

I recently discovered CVE-2022-47522, which seems to affect most of the equipment on the market.

To summarize the vulnerability: once a device is connected to a Wi-Fi network, we can assume that packets are routed to the machines using the MAC address. Therefore, in order to carry out the attack, the hacker must disconnect a targeted device and then connect while spoofing its MAC address. This attack is possible because the CVE-2022-47522 vulnerability, located in the power-saving mechanism of the IEEE 802.11 standard, allows the Wi-Fi client isolation feature to be overridden, and also Dynamic ARP Inspection.

Full details in the published research paper: https://papers.mathyvanhoef.com/usenix2023-wifi.pdf


Mathy Vanhoef published a well-documented POC on GitHub to test if a LAN is vulnerable.

POC available here: https://github.com/vanhoefm/macstealer

I think it would be particularly interesting to integrate the tool as a module for the PineApple.

What do you think about it?
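Added example (not code from the paper or from the macstealer repository): a small Python model of the AP-side queuing the post describes. The access point buffers frames for a MAC that is not currently associated; with `bind_identity=False` that buffer is handed to whoever next associates with the MAC, which is the behaviour the isolation bypass relies on, while `bind_identity=True` is an assumed mitigation that ties the buffer to the authenticated identity (for example the 802.1X user) that last held the MAC and drops it for anyone else. All MAC addresses, identities and frames are constructed.

```python
from collections import defaultdict


class AccessPoint:
    """Toy AP: frames for a MAC that is not associated are buffered, as the
    802.11 power-save / disconnect paths buffer traffic for an absent client."""

    def __init__(self, bind_identity):
        self.bind_identity = bind_identity  # False = vulnerable, True = hardened
        self.associated = {}                # mac -> identity of connected client
        self.last_identity = {}             # mac -> identity that last held it
        self.buffered = defaultdict(list)   # mac -> [(owner_identity, frame)]

    def associate(self, mac, identity):
        """A client joins with `mac`; returns the buffered frames handed to it."""
        self.associated[mac] = identity
        queued = self.buffered.pop(mac, [])
        if self.bind_identity:
            # Hardened (assumed mitigation): release frames only to the identity
            # that owned the MAC when they were queued; anyone else gets nothing.
            released = [f for owner, f in queued if owner == identity]
        else:
            # Vulnerable: whoever shows up with this MAC receives the queue.
            released = [f for _, f in queued]
        self.last_identity[mac] = identity
        return released

    def disassociate(self, mac):
        # Buffered frames are deliberately left in place; the bypass relies
        # on the AP not flushing them when the client goes away.
        self.associated.pop(mac, None)

    def inbound(self, dst_mac, frame):
        """Frame arrives for dst_mac; returns what is delivered immediately."""
        if dst_mac in self.associated:
            return [frame]
        self.buffered[dst_mac].append((self.last_identity.get(dst_mac), frame))
        return []


def replay(bind_identity, reconnect_as):
    """Victim connects, is pushed off, a frame for it arrives, then
    `reconnect_as` associates with the victim's MAC. Returns what it gets."""
    ap = AccessPoint(bind_identity)
    victim_mac = "02:00:00:00:00:01"  # constructed, locally administered
    ap.associate(victim_mac, "victim-user")
    ap.disassociate(victim_mac)
    ap.inbound(victim_mac, "frame-for-victim")
    return ap.associate(victim_mac, reconnect_as)
```

With `bind_identity=True` the genuine client reconnecting as `victim-user` still receives its buffered frame, so the mitigation costs nothing for the legitimate case.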

Posted

This has been around in the news for about a week now and I don't see any real reason to make a module out of it, unless a wider kind of "attack surface" can be discovered related to the flaw. We'll see how it develops as vendors analyze it all (Cisco has thus far tagged it as "Informational"). As it has been described thus far (and the reactions to it), I wouldn't throw myself over the keyboard and start sweating to create a module for it.
