Vulnerability Details : CVE-2017-13080

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

Published 2017-10-17 13:29:00

Updated 2020-11-10 21:15:12

Source CERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-13080

Probability of exploitation activity in the next 30 days: 0.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-13080

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
2.9	LOW	AV:A/AC:M/Au:N/C:N/I:P/A:N	5.5	2.9	nvd@nist.gov
Access Vector: Adjacent Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.3	MEDIUM	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	1.6	3.6	nvd@nist.gov
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2017-13080

CWE-323 Reusing a Nonce, Key Pair in Encryption

Nonces should be used for the present occasion and only once.

Assigned by: cret@cert.org (Secondary)
CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-13080

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

Third Party Advisory

CVEs referencing this url
https://support.apple.com/HT208327

About the security content of tvOS 11.2 - Apple Support

CVEs referencing this url
http://www.securitytracker.com/id/1039703

Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Modify Data, and Cause Denial of Service Conditions, Local and Remote Users Obtain Potentially Sensitive Information, and Applications

CVEs referencing this url
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

CVEs referencing this url
https://cert.vde.com/en-us/advisories/vde-2017-003

PHOENIX CONTACT WLAN enabled devices utilising WPA2 encryption (Update B) — English (USA)

CVEs referencing this url
https://support.apple.com/HT208334

About the security content of iOS 11.2 - Apple Support

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html

[SECURITY] [DLA 1573-1] firmware-nonfree security update

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Oracle Critical Patch Update - April 2018

CVEs referencing this url
https://www.krackattacks.com/

KRACK Attacks: Breaking WPA2
Technical Description;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2907

RHSA-2017:2907 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://support.apple.com/HT208325

About the security content of watchOS 4.2 - Apple Support

CVEs referencing this url
https://cert.vde.com/en-us/advisories/vde-2017-005

PEPPERL+FUCHS / ecom instruments WLAN enabled products utilizing WPA2 encryption (Update A) — English (USA)

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Oracle Critical Patch Update - January 2018

CVEs referencing this url
https://source.android.com/security/bulletin/2017-11-01

Android Security Bulletin—November 2017 | Android Open Source Project

CVEs referencing this url
https://support.lenovo.com/us/en/product_security/LEN-17420

502 Bad Gateway
Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2017/dsa-3999

Debian -- Security Information -- DSA-3999-1 wpa
Third Party Advisory

CVEs referencing this url
https://support.apple.com/HT208220

About the security content of watchOS 4.1 - Apple Support

CVEs referencing this url
http://www.securitytracker.com/id/1039577

Juniper ScreenOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html

[security-announce] SUSE-SU-2017:2745-1: important: Security update for
Third Party Advisory

CVEs referencing this url
http://www.kb.cert.org/vuls/id/228519

VU#228519 - Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse
Third Party Advisory;US Government Resource

CVEs referencing this url
https://security.gentoo.org/glsa/201711-03

hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (GLSA 201711-03) — Gentoo security

CVEs referencing this url
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc

Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1039581

ArubaOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html

INTEL-SA-00402
http://www.securitytracker.com/id/1039578

Cisco IP Phones WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3455-1

USN-3455-1: wpa_supplicant and hostapd vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

[SECURITY] [DLA 1200-1] linux security update

CVEs referencing this url
https://support.apple.com/HT208222

About the security content of iOS 11.1 - Apple Support

CVEs referencing this url
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability
Vendor Advisory
https://access.redhat.com/security/vulnerabilities/kracks

KRACKs - wpa_supplicant Multiple Vulnerabilities - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://support.apple.com/HT208221

About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2911

RHSA-2017:2911 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html

[security-announce] SUSE-SU-2017:2752-1: important: Security update for
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/101274

WPA2 Key Reinstallation Multiple Security Weaknesses
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securitytracker.com/id/1039585

Fortinet FortiOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://support.apple.com/HT208219

About the security content of tvOS 11.1 - Apple Support

CVEs referencing this url
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
Third Party Advisory

CVEs referencing this url
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1039572

Microsoft Windows WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Modify Data on the Target Wireless Network - SecurityTracker
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1039576

Juniper Junos SRX Series WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us

HPESBHF03792 rev.1 - HPE 501 Client Bridge, Aruba 501 Client Bridge, and HPE M111 Client Bridge - WPA2 Key Re-installation Vulnerabilities, Disclosure of information

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html

[security-announce] openSUSE-SU-2017:2755-1: important: Security update
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1039573

wpa_supplicant WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2017-13080

Freebsd » Freebsd
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 10
cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 10.4
cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 11
cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 11.1
cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7
cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7
cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 12 Update SP2
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 12 Update SP3
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP4
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP3 For Ltss
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 12 Ltss Edition
cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*
Matching versions
Suse » Openstack Cloud » Version: 6
cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Point Of Sale » Version: 11 Update SP3
cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 17.04
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 42.2
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 42.3
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.7.3
cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 1.0
cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 1.1
cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 2.2
cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 2.0
cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 2.1
cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 2.3
cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 2.4
cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 2.5
cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.6.10
cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.6.9
cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.4.11
cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.4.10
cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.3.7
cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.2.8
cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.5.10
cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.5.9
cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.4.7
cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.3.11
cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.2.4
cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 2.6
cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.5.8
cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.5.7
cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.3.10
cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.3.9
cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.6.8
cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.5.11
cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.4.9
cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.4.8
cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.2.6
cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*
Matching versions
W1.fi » Hostapd » Version: 0.2.5
cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 2.0
cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 2.1
cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 2.2
cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 1.0
cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 1.1
cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 2.3
cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 2.4
cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.7.3
cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.6.8
cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.5.11
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.4.9
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.4.8
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.2.7
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.2.6
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 2.6
cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 2.5
cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.5.8
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.5.7
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.3.9
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.3.8
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.6.10
cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.6.9
cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.4.11
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.4.10
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.3.7
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.2.8
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.5.10
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.5.9
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.4.7
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.3.11
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.3.10
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.2.5
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*
Matching versions
W1.fi » Wpa Supplicant » Version: 0.2.4
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*
Matching versions