CVE-2017-13082

high

Description

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

References

https://www.krackattacks.com/

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

https://support.lenovo.com/us/en/product_security/LEN-17420

https://source.android.com/security/bulletin/2017-11-01

https://security.gentoo.org/glsa/201711-03

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697

https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02

https://cert.vde.com/en-us/advisories/vde-2017-005

https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

https://access.redhat.com/security/vulnerabilities/kracks

https://access.redhat.com/errata/RHSA-2017:2907

http://www.ubuntu.com/usn/USN-3455-1

http://www.securitytracker.com/id/1039581

http://www.securitytracker.com/id/1039573

http://www.securitytracker.com/id/1039571

http://www.securitytracker.com/id/1039570

http://www.securityfocus.com/bid/101274

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.kb.cert.org/vuls/id/228519

http://www.debian.org/security/2017/dsa-3999

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html

Details

Source: Mitre, NVD

Published: 2017-10-17

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: High