CVE-2017-13084

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

References

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

http://www.kb.cert.org/vuls/id/228519

http://www.securityfocus.com/bid/101274

http://www.securitytracker.com/id/1039576

http://www.securitytracker.com/id/1039577

http://www.securitytracker.com/id/1039581

https://access.redhat.com/security/vulnerabilities/kracks

https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

https://security.gentoo.org/glsa/201711-03

https://support.lenovo.com/us/en/product_security/LEN-17420

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

https://www.krackattacks.com/

Details

Source: MITRE

Published: 2017-10-17

Updated: 2019-10-03

Type: CWE-330

Risk Information

CVSS v2

Base Score: 5.4

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 5.5

Severity: MEDIUM

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 1.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*

cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
109037pfSense < 2.3.5 Multiple Vulnerabilities (KRACK)NessusFirewalls
critical
104511GLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK)NessusGentoo Local Security Checks
high
103944Slackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK)NessusSlackware Local Security Checks
high
103875Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK)NessusMisc.
high
103862FreeBSD : WPA packet number reuse with replayed messages and key reinstallation (d670a953-b2a1-11e7-a633-009c02a2ab30) (KRACK)NessusFreeBSD Local Security Checks
high
103857MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK)NessusMisc.
high
103856Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK)NessusCISCO
high