ArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The version of ArubaOS is affected by a MitM vulnerability.

Description :

The version of ArubaOS on the remote device is affected by
multiple vulnerabilities related to the KRACK attacks. This may
allow an attacker to decrypt, replay, and forge some frames on
a WPA2 encrypted network.

Note: ArbuaOS devices are only vulnerable to CVE-2017-13077,
CVE-2017-13078,CVE-2017-13079, CVE-2017-13080, and CVE-2017-13081
while operating as a Wi-Fi supplicant in Mesh mode.

See also :

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

Solution :

Upgrade to 6.3.1.25 / 6.4.4.16 / 6.5.1.9
/ 6.5.3.3 / 6.5.4.2 / 8.1.0.4 or later.

Risk factor :

High / CVSS Base Score : 7.9
(CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 103855 ()

Bugtraq ID:

CVE ID: CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now