CVE-2017-13082
Published: August 31, 2023Last modified: August 31, 2023
Description
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.1 |
Attack Vector | ADJACENT_NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
User interaction | NONE |
Scope | UNCHANGED |
Confidentiality | HIGH |
Integrity impact | HIGH |
Availability impact | NONE |
Vector | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | 23 LTS | wpa_supplicant | Not affected (2.10-r4) |
Stream | wpa_supplicant | Not affected (2.10-r7) |
References
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- http://www.debian.org/security/2017/dsa-3999
- http://www.kb.cert.org/vuls/id/228519
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securityfocus.com/bid/101274
- http://www.securitytracker.com/id/1039570
- http://www.securitytracker.com/id/1039571
- http://www.securitytracker.com/id/1039573
- http://www.securitytracker.com/id/1039581
- http://www.ubuntu.com/usn/USN-3455-1
- https://access.redhat.com/errata/RHSA-2017:2907
- https://access.redhat.com/security/vulnerabilities/kracks
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://github.com/vanhoefm/krackattacks-test-ap-ft
- https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02
- https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
- https://security.gentoo.org/glsa/201711-03
- https://source.android.com/security/bulletin/2017-11-01
- https://support.lenovo.com/us/en/product_security/LEN-17420
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://www.krackattacks.com/