CVE-2017-13081

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

CVSS v3.0 5.3 MEDIUM
CVSS v2.0 2.9 LOW

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability : 1.6 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 5.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.krackattacks.com/	Technical Description Third Party Advisory
http://www.kb.cert.org/vuls/id/228519	Third Party Advisory US Government Resource
http://www.securitytracker.com/id/1039585	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039581	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039578	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039577	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039576	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039573	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101274	Third Party Advisory VDB Entry
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa	Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc	Third Party Advisory
https://access.redhat.com/security/vulnerabilities/kracks	Third Party Advisory
http://www.ubuntu.com/usn/USN-3455-1	Third Party Advisory
http://www.debian.org/security/2017/dsa-3999	Third Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html	Third Party Advisory
https://security.gentoo.org/glsa/201711-03
https://source.android.com/security/bulletin/2017-11-01
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
https://cert.vde.com/en-us/advisories/vde-2017-005
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:freebsd:freebsd:11:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7:::::::*
	cpe:2.3:o:freebsd:freebsd:10.4:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:17.04:::::::*
	cpe:2.3:o:opensuse:leap:42.2:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:freebsd:freebsd:11.1:::::::*
	cpe:2.3:o:freebsd:freebsd:10:::::::*
	cpe:2.3:o:freebsd:freebsd::::::::
	cpe:2.3:o:opensuse:leap:42.3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:w1.fi:hostapd:2.4:::::::*
	cpe:2.3:a:w1.fi:hostapd:2.3:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.6.9:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.6.8:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.4.10:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.4.9:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.2.8:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.2.6:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:2.1:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:2.0:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:::::::*
	cpe:2.3:a:w1.fi:hostapd:2.0:::::::*
	cpe:2.3:a:w1.fi:hostapd:1.1:::::::*
	cpe:2.3:a:w1.fi:hostapd:1.0:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.5.9:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.5.8:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.3.11:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.3.10:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:2.6:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:2.5:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:2.4:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:::::::*
	cpe:2.3:a:w1.fi:hostapd:2.6:::::::*
	cpe:2.3:a:w1.fi:hostapd:2.5:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.7.3:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.6.10:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.5.7:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.4.11:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.3.9:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.3.7:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:2.3:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:2.2:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:::::::*
	cpe:2.3:a:w1.fi:hostapd:2.2:::::::*
	cpe:2.3:a:w1.fi:hostapd:2.1:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.5.11:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.5.10:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.4.8:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.4.7:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.2.5:::::::*
	cpe:2.3:a:w1.fi:hostapd:0.2.4:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:1.1:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:1.0:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:::::::*
	cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_server:12::::ltss:::
	cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::ltss::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2::::::
	cpe:2.3:o:suse:openstack_cloud:6:::::::*

Information

Published : 2017-10-17 13:29

Updated : 2019-10-03 00:03

NVD link : CVE-2017-13081

Mitre link : CVE-2017-13081

JSON object : View

Products Affected

canonical

ubuntu_linux

debian

debian_linux

freebsd

freebsd

redhat

enterprise_linux_server
enterprise_linux_desktop

suse

openstack_cloud
linux_enterprise_server
linux_enterprise_desktop
linux_enterprise_point_of_sale

w1.fi

hostapd
wpa_supplicant

opensuse

leap

CWE

CWE-330

Use of Insufficiently Random Values

5.3 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.9 /10

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

5.3^/10

2.9^/10