CVE-2017-13080

Medium

Description

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

References

https://www.krackattacks.com/

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

https://support.lenovo.com/us/en/product_security/LEN-17420

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us

https://support.apple.com/HT208334

https://support.apple.com/HT208327

https://support.apple.com/HT208325

https://support.apple.com/HT208222

https://support.apple.com/HT208221

https://support.apple.com/HT208220

https://support.apple.com/HT208219

https://source.android.com/security/bulletin/2017-11-01

https://security.gentoo.org/glsa/201711-03

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

https://cert.vde.com/en-us/advisories/vde-2017-005

https://cert.vde.com/en-us/advisories/vde-2017-003

https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

https://access.redhat.com/security/vulnerabilities/kracks

https://access.redhat.com/errata/RHSA-2017:2911

https://access.redhat.com/errata/RHSA-2017:2907

http://www.ubuntu.com/usn/USN-3455-1

http://www.securitytracker.com/id/1039703

http://www.securitytracker.com/id/1039585

http://www.securitytracker.com/id/1039581

http://www.securitytracker.com/id/1039578

http://www.securitytracker.com/id/1039577

http://www.securitytracker.com/id/1039576

http://www.securitytracker.com/id/1039573

http://www.securitytracker.com/id/1039572

http://www.securityfocus.com/bid/101274

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.kb.cert.org/vuls/id/228519

http://www.debian.org/security/2017/dsa-3999

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html

Details

Source: Mitre, NVD

Published: 2017-10-17

Updated: 2020-11-10

Risk Information

CVSS v2

Base Score: 2.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: Medium