Today a research paper titled "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available by imec-DistriNet Research Group. The paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols.
802.11r is a standard for improving the roaming experience of wireless client devices as they physically move. This technology enables client devices to automatically associate and disassociate to various access points based off physical location. The vulnerability abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This vulnerability affects numerous wireless products across the industry, and it is considered a critical security concern. We recommend all our customers patch their wireless infrastructures immediately or disable 802.11r until the patch can be applied. We also recommend customers install the Windows, MacOS and iOS updates related to these vulnerabilities.
For more information please check out Cisco's websites: