CVE-2017-13081

medium

Description

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

References

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html

https://access.redhat.com/security/vulnerabilities/kracks

https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc

https://security.gentoo.org/glsa/201711-03

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

http://www.debian.org/security/2017/dsa-3999

http://www.kb.cert.org/vuls/id/228519

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.securitytracker.com/id/1039573

http://www.securitytracker.com/id/1039576

http://www.securitytracker.com/id/1039577

http://www.securitytracker.com/id/1039578

http://www.securitytracker.com/id/1039581

http://www.securitytracker.com/id/1039585

http://www.ubuntu.com/usn/USN-3455-1

Details

Published: 2017-10-17

Risk Information

CVSS v2

Base Score: 2.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

Detections

Analytics