Vulnerability Details : CVE-2017-13080
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
Products affected by CVE-2017-13080
- cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*
- cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-13080
0.42%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-13080
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.9
|
LOW | AV:A/AC:M/Au:N/C:N/I:P/A:N |
5.5
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
1.6
|
3.6
|
NIST |
CWE ids for CVE-2017-13080
-
Nonces should be used for the present occasion and only once.Assigned by: cret@cert.org (Secondary)
-
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-13080
-
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
Third Party Advisory
-
https://support.apple.com/HT208327
About the security content of tvOS 11.2 - Apple Support
-
http://www.securitytracker.com/id/1039703
Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Modify Data, and Cause Denial of Service Conditions, Local and Remote Users Obtain Potentially Sensitive Information, and Applications
-
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
-
https://cert.vde.com/en-us/advisories/vde-2017-003
PHOENIX CONTACT WLAN enabled devices utilising WPA2 encryption (Update B) — English (USA)
-
https://support.apple.com/HT208334
About the security content of iOS 11.2 - Apple Support
-
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
[SECURITY] [DLA 1573-1] firmware-nonfree security update
-
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Oracle Critical Patch Update - April 2018
-
https://www.krackattacks.com/
KRACK Attacks: Breaking WPA2Technical Description;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2907
RHSA-2017:2907 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://support.apple.com/HT208325
About the security content of watchOS 4.2 - Apple Support
-
https://cert.vde.com/en-us/advisories/vde-2017-005
PEPPERL+FUCHS / ecom instruments WLAN enabled products utilizing WPA2 encryption (Update A) — English (USA)
-
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Oracle Critical Patch Update - January 2018
-
https://source.android.com/security/bulletin/2017-11-01
Android Security Bulletin—November 2017 | Android Open Source Project
-
https://support.lenovo.com/us/en/product_security/LEN-17420
502 Bad GatewayThird Party Advisory
-
http://www.debian.org/security/2017/dsa-3999
Debian -- Security Information -- DSA-3999-1 wpaThird Party Advisory
-
https://support.apple.com/HT208220
About the security content of watchOS 4.1 - Apple Support
-
http://www.securitytracker.com/id/1039577
Juniper ScreenOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
[security-announce] SUSE-SU-2017:2745-1: important: Security update forThird Party Advisory
-
http://www.kb.cert.org/vuls/id/228519
VU#228519 - Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuseThird Party Advisory;US Government Resource
-
https://security.gentoo.org/glsa/201711-03
hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (GLSA 201711-03) — Gentoo security
-
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
Third Party Advisory
-
http://www.securitytracker.com/id/1039581
ArubaOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
INTEL-SA-00402
-
http://www.securitytracker.com/id/1039578
Cisco IP Phones WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-3455-1
USN-3455-1: wpa_supplicant and hostapd vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
[SECURITY] [DLA 1200-1] linux security update
-
https://support.apple.com/HT208222
About the security content of iOS 11.1 - Apple Support
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation VulnerabilityVendor Advisory
-
https://access.redhat.com/security/vulnerabilities/kracks
KRACKs - wpa_supplicant Multiple Vulnerabilities - Red Hat Customer PortalThird Party Advisory
-
https://support.apple.com/HT208221
About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support
-
https://access.redhat.com/errata/RHSA-2017:2911
RHSA-2017:2911 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
[security-announce] SUSE-SU-2017:2752-1: important: Security update forThird Party Advisory
-
http://www.securityfocus.com/bid/101274
WPA2 Key Reinstallation Multiple Security WeaknessesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039585
Fortinet FortiOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
-
https://support.apple.com/HT208219
About the security content of tvOS 11.1 - Apple Support
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access IIThird Party Advisory
-
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Third Party Advisory
-
http://www.securitytracker.com/id/1039572
Microsoft Windows WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039576
Juniper Junos SRX Series WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
HPESBHF03792 rev.1 - HPE 501 Client Bridge, Aruba 501 Client Bridge, and HPE M111 Client Bridge - WPA2 Key Re-installation Vulnerabilities, Disclosure of information
-
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
[security-announce] openSUSE-SU-2017:2755-1: important: Security updateThird Party Advisory
-
http://www.securitytracker.com/id/1039573
wpa_supplicant WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
Jump to