CVE-2017-13086

MEDIUM

Details

Source: MITRE

Published: 2017-10-17

Updated: 2019-10-03

Type: CWE-330

Risk Information

CVSS v2.0

Base Score: 5.4

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 5.5

Severity: MEDIUM

CVSS v3.0

Base Score: 6.8

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 1.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*

cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*

cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
143704SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2020:3424-1) (KRACK)NessusSuSE Local Security Checks
medium
143627SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2020:3380-1) (KRACK)NessusSuSE Local Security Checks
medium
143321openSUSE Security Update : wpa_supplicant (openSUSE-2020-2053) (KRACK)NessusSuSE Local Security Checks
medium
143304openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK)NessusSuSE Local Security Checks
medium
124925EulerOS Virtualization 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1422)NessusHuawei Local Security Checks
medium
124917EulerOS Virtualization for ARM 64 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1414)NessusHuawei Local Security Checks
medium
109037pfSense < 2.3.5 Multiple Vulnerabilities (KRACK)NessusFirewalls
high
104581Virtuozzo 7 : wpa_supplicant (VZLSA-2017-2907)NessusVirtuozzo Local Security Checks
medium
104577EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2017-1242)NessusHuawei Local Security Checks
medium
104576EulerOS 2.0 SP1 : wpa_supplicant (EulerOS-SA-2017-1241)NessusHuawei Local Security Checks
medium
104511GLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK)NessusGentoo Local Security Checks
medium
104299Debian DLA-1150-1 : wpa security update (KRACK)NessusDebian Local Security Checks
medium
103960Scientific Linux Security Update : wpa_supplicant on SL7.x x86_64 (20171018) (KRACK)NessusScientific Linux Local Security Checks
medium
103944Slackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK)NessusSlackware Local Security Checks
medium
103916RHEL 7 : wpa_supplicant (RHSA-2017:2907) (KRACK)NessusRed Hat Local Security Checks
medium
103914Oracle Linux 7 : wpa_supplicant (ELSA-2017-2907) (KRACK)NessusOracle Linux Local Security Checks
medium
103881CentOS 7 : wpa_supplicant (CESA-2017:2907) (KRACK)NessusCentOS Local Security Checks
medium
103875Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK)NessusMisc.
medium
103863Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : wpa vulnerabilities (USN-3455-1) (KRACK)NessusUbuntu Local Security Checks
medium
103862FreeBSD : WPA packet number reuse with replayed messages and key reinstallation (d670a953-b2a1-11e7-a633-009c02a2ab30) (KRACK)NessusFreeBSD Local Security Checks
medium
103859Debian DSA-3999-1 : wpa - security update (KRACK)NessusDebian Local Security Checks
medium
103857MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK)NessusMisc.
medium
103856Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK)NessusCISCO
medium