FreeBSD : FreeBSD -- WPA2 protocol vulnerability (1f8de723-dab3-11e7-b5af-a4badb2f4699)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Impact :
Such reinstallation of the encryption key can result in two different
types of vulnerabilities: disabling replay protection and
significantly reducing the security of encryption to the point of
allowing frames to be decrypted or some parts of the keys to be
determined by an attacker depending on which cipher is used.

See also :

http://www.nessus.org/u?997801f5

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 105063 ()

Bugtraq ID:

CVE ID: CVE-2017-1307
CVE-2017-1308

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now