Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK)

High Nessus Plugin ID 103875

Synopsis

The remote networking device is affected by KRACK.

Description

According to its self-reported version, the remote networking device is running a version of UniFi OS prior to 3.9.3.7537. It, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol.

Solution

Upgrade to UniFi OS 3.9.3.7537 or later.

See Also

http://www.nessus.org/u?ca6adaa9

https://www.krackattacks.com/

Plugin Details

Severity: High

ID: 103875

File Name: ubnt_unifi_krack.nasl

Version: 1.10

Type: remote

Family: Misc.

Published: 2017/10/17

Updated: 2018/08/03

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:/o:ubnt:unifi

Required KB Items: Host/UBNT_UniFi/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/10/17

Vulnerability Publication Date: 2017/10/12

Reference Information

CVE: CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

BID: 101274

IAVA: 2017-A-0310