CVE-2017-13080

medium

Description

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

References

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html

https://access.redhat.com/errata/RHSA-2017:2907

https://access.redhat.com/errata/RHSA-2017:2911

https://access.redhat.com/security/vulnerabilities/kracks

https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc

https://security.gentoo.org/glsa/201711-03

https://support.apple.com/HT208219

https://support.apple.com/HT208220

https://support.apple.com/HT208221

https://support.apple.com/HT208222

https://support.apple.com/HT208325

https://support.apple.com/HT208327

https://support.apple.com/HT208334

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html

http://www.debian.org/security/2017/dsa-3999

http://www.kb.cert.org/vuls/id/228519

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.securitytracker.com/id/1039572

http://www.securitytracker.com/id/1039573

http://www.securitytracker.com/id/1039576

http://www.securitytracker.com/id/1039577

http://www.securitytracker.com/id/1039578

http://www.securitytracker.com/id/1039581

http://www.securitytracker.com/id/1039585

http://www.securitytracker.com/id/1039703

http://www.ubuntu.com/usn/USN-3455-1

Details

Source: Mitre, NVD

Published: 2017-10-17

Risk Information

CVSS v2

Base Score: 2.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: Medium