CVE-2017-13082

MEDIUM

Description

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

References

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

http://www.debian.org/security/2017/dsa-3999

http://www.kb.cert.org/vuls/id/228519

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.securityfocus.com/bid/101274

http://www.securitytracker.com/id/1039570

http://www.securitytracker.com/id/1039571

http://www.securitytracker.com/id/1039573

http://www.securitytracker.com/id/1039581

http://www.ubuntu.com/usn/USN-3455-1

https://access.redhat.com/errata/RHSA-2017:2907

https://access.redhat.com/security/vulnerabilities/kracks

https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

https://cert.vde.com/en-us/advisories/vde-2017-005

https://github.com/vanhoefm/krackattacks-test-ap-ft

https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc

https://security.gentoo.org/glsa/201711-03

https://source.android.com/security/bulletin/2017-11-01

https://support.lenovo.com/us/en/product_security/LEN-17420

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

https://www.krackattacks.com/

Details

Source: MITRE

Published: 2017-10-17

Updated: 2018-11-02

Type: CWE-254

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 6.5

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 2.8

Severity: HIGH