Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK)

high Nessus Plugin ID 103875

Language:

Synopsis

The remote networking device is affected by KRACK.

Description

According to its self-reported version, the remote networking device is running a version of UniFi OS prior to 3.9.3.7537. It, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol.

Solution

Upgrade to UniFi OS 3.9.3.7537 or later.

See Also

http://www.nessus.org/u?ca6adaa9

https://www.krackattacks.com/

Plugin Details

Severity: High

ID: 103875

File Name: ubnt_unifi_krack.nasl

Version: 1.11

Type: remote

Family: Misc.

Published: 10/17/2017

Updated: 11/12/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2017-13082

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:/o:ubnt:unifi

Required KB Items: Host/UBNT_UniFi/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/17/2017

Vulnerability Publication Date: 10/12/2017

Reference Information

CVE: CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

BID: 101274

IAVA: 2017-A-0310