Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
http://www.debian.org/security/2017/dsa-3999
http://www.kb.cert.org/vuls/id/228519
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/101274
http://www.securitytracker.com/id/1039573
http://www.securitytracker.com/id/1039576
http://www.securitytracker.com/id/1039577
http://www.securitytracker.com/id/1039578
http://www.securitytracker.com/id/1039581
http://www.securitytracker.com/id/1039585
http://www.ubuntu.com/usn/USN-3455-1
https://access.redhat.com/security/vulnerabilities/kracks
https://cert.vde.com/en-us/advisories/vde-2017-005
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
https://security.gentoo.org/glsa/201711-03
https://source.android.com/security/bulletin/2017-11-01
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
https://support.lenovo.com/us/en/product_security/LEN-17420
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Source: MITRE
Published: 2017-10-17
Updated: 2019-10-03
Type: CWE-330
Base Score: 2.9
Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 5.5
Severity: LOW
Base Score: 5.3
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 1.6
Severity: MEDIUM
OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
OR
cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
OR
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
143704 | SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2020:3424-1) (KRACK) | Nessus | SuSE Local Security Checks | medium |
143627 | SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2020:3380-1) (KRACK) | Nessus | SuSE Local Security Checks | medium |
143321 | openSUSE Security Update : wpa_supplicant (openSUSE-2020-2053) (KRACK) | Nessus | SuSE Local Security Checks | medium |
143304 | openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK) | Nessus | SuSE Local Security Checks | medium |
124925 | EulerOS Virtualization 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1422) | Nessus | Huawei Local Security Checks | medium |
124917 | EulerOS Virtualization for ARM 64 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1414) | Nessus | Huawei Local Security Checks | medium |
118888 | Debian DLA-1573-1 : firmware-nonfree security update (KRACK) | Nessus | Debian Local Security Checks | critical |
109037 | pfSense < 2.3.5 Multiple Vulnerabilities (KRACK) | Nessus | Firewalls | high |
106004 | Fedora 27 : 1:wpa_supplicant (2017-f45e844a85) (KRACK) | Nessus | Fedora Local Security Checks | medium |
105654 | Juniper ScreenOS 6.3 SSG-5 and SSG-20 (KRACK) | Nessus | Firewalls | medium |
105653 | Junos OS 12.1X46 SRX 210, 240, 650 series firewalls (KRACK) | Nessus | Firewalls | medium |
104577 | EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2017-1242) | Nessus | Huawei Local Security Checks | medium |
104576 | EulerOS 2.0 SP1 : wpa_supplicant (EulerOS-SA-2017-1241) | Nessus | Huawei Local Security Checks | medium |
104511 | GLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK) | Nessus | Gentoo Local Security Checks | medium |
104299 | Debian DLA-1150-1 : wpa security update (KRACK) | Nessus | Debian Local Security Checks | medium |
104237 | openSUSE Security Update : hostapd (openSUSE-2017-1201) (KRACK) | Nessus | SuSE Local Security Checks | medium |
104076 | openSUSE Security Update : wpa_supplicant (openSUSE-2017-1163) (KRACK) | Nessus | SuSE Local Security Checks | low |
103944 | Slackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK) | Nessus | Slackware Local Security Checks | medium |
103920 | SUSE SLES11 Security Update : wpa_supplicant (SUSE-SU-2017:2752-1) (KRACK) | Nessus | SuSE Local Security Checks | low |
103917 | SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2017:2745-1) (KRACK) | Nessus | SuSE Local Security Checks | low |
103896 | Fedora 26 : 1:wpa_supplicant (2017-60bfb576b7) (KRACK) | Nessus | Fedora Local Security Checks | medium |
103884 | Fedora 25 : 1:wpa_supplicant (2017-12e76e8364) (KRACK) | Nessus | Fedora Local Security Checks | medium |
103875 | Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK) | Nessus | Misc. | medium |
103873 | Fortinet FortiGate < 5.2 / 5.2.x <= 5.2.11 / 5.4.x <= 5.4.5 / 5.6.x <= 5.6.2 Multiple Vulnerabilities (FG-IR-17-196) (KRACK) | Nessus | Firewalls | medium |
103863 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : wpa vulnerabilities (USN-3455-1) (KRACK) | Nessus | Ubuntu Local Security Checks | medium |
103862 | FreeBSD : WPA packet number reuse with replayed messages and key reinstallation (d670a953-b2a1-11e7-a633-009c02a2ab30) (KRACK) | Nessus | FreeBSD Local Security Checks | medium |
103859 | Debian DSA-3999-1 : wpa - security update (KRACK) | Nessus | Debian Local Security Checks | medium |
103857 | MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK) | Nessus | Misc. | medium |
103856 | Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK) | Nessus | CISCO | medium |
103855 | ArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK) | Nessus | Misc. | medium |