Vulnerability Details : CVE-2017-13081
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Products affected by CVE-2017-13081
- cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*
- cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-13081
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-13081
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.9
|
LOW | AV:A/AC:M/Au:N/C:N/I:P/A:N |
5.5
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
1.6
|
3.6
|
NIST |
CWE ids for CVE-2017-13081
-
Nonces should be used for the present occasion and only once.Assigned by: cret@cert.org (Secondary)
-
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-13081
-
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
Third Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
-
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
[SECURITY] [DLA 1573-1] firmware-nonfree security update
-
https://www.krackattacks.com/
KRACK Attacks: Breaking WPA2Technical Description;Third Party Advisory
-
https://cert.vde.com/en-us/advisories/vde-2017-005
PEPPERL+FUCHS / ecom instruments WLAN enabled products utilizing WPA2 encryption (Update A) — English (USA)
-
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Oracle Critical Patch Update - January 2018
-
https://source.android.com/security/bulletin/2017-11-01
Android Security Bulletin—November 2017 | Android Open Source Project
-
http://www.debian.org/security/2017/dsa-3999
Debian -- Security Information -- DSA-3999-1 wpaThird Party Advisory
-
http://www.securitytracker.com/id/1039577
Juniper ScreenOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
[security-announce] SUSE-SU-2017:2745-1: important: Security update forThird Party Advisory
-
http://www.kb.cert.org/vuls/id/228519
VU#228519 - Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuseThird Party Advisory;US Government Resource
-
https://security.gentoo.org/glsa/201711-03
hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (GLSA 201711-03) — Gentoo security
-
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
Third Party Advisory
-
http://www.securitytracker.com/id/1039581
ArubaOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039578
Cisco IP Phones WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-3455-1
USN-3455-1: wpa_supplicant and hostapd vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/security/vulnerabilities/kracks
KRACKs - wpa_supplicant Multiple Vulnerabilities - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
[security-announce] SUSE-SU-2017:2752-1: important: Security update forThird Party Advisory
-
http://www.securityfocus.com/bid/101274
WPA2 Key Reinstallation Multiple Security WeaknessesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039585
Fortinet FortiOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access IIThird Party Advisory
-
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Third Party Advisory
-
http://www.securitytracker.com/id/1039576
Juniper Junos SRX Series WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
HPESBHF03792 rev.1 - HPE 501 Client Bridge, Aruba 501 Client Bridge, and HPE M111 Client Bridge - WPA2 Key Re-installation Vulnerabilities, Disclosure of information
-
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
[security-announce] openSUSE-SU-2017:2755-1: important: Security updateThird Party Advisory
-
http://www.securitytracker.com/id/1039573
wpa_supplicant WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTrackerThird Party Advisory;VDB Entry
Jump to