CVE-2017-13081
Low
CVSS Score
Vulnerability Description
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Known Affected Software
82 configuration(s) from 7 vendor(s)
ubuntu_linux
Version:
14.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
ubuntu_linux
Version:
17.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
ubuntu_linux
Version:
16.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*
debian_linux
Version:
8.0
CPE:
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debian_linux
Version:
9.0
CPE:
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
freebsd
Version:
11.1
CPE:
cpe:2.3:o:freebsd:freebsd:11.1:p15:*:*:*:*:*:*
freebsd
Version:
10
CPE:
cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*
freebsd
Version:
11
CPE:
cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*
freebsd
Version:
10.4
CPE:
cpe:2.3:o:freebsd:freebsd:10.4:-:*:*:*:*:*:*
leap
Version:
42.3
CPE:
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
leap
Version:
42.2
CPE:
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
enterprise_linux_server
Version:
7
CPE:
cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
enterprise_linux_desktop
Version:
7
CPE:
cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
linux_enterprise_server
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*
linux_enterprise_server
Version:
11
CPE:
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:*:*:*
linux_enterprise_point_of_sale
Version:
11
CPE:
cpe:2.3:a:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*
linux_enterprise_desktop
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
openstack_cloud
Version:
6
CPE:
cpe:2.3:a:suse:openstack_cloud:6:*:*:*:*:*:*:*
hostapd
Version:
0.6.10
CPE:
cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*
hostapd
Version:
0.3.9
CPE:
cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.2.7
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.3.9
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.4.9
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.4.10
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.6.9
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.2.8
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*
wpa_supplicant
Version:
2.5
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.5.10
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*
hostapd
Version:
2.1
CPE:
cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
wpa_supplicant
Version:
2.4
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.3.11
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*
hostapd
Version:
2.0
CPE:
cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.2.6
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*
hostapd
Version:
2.6
CPE:
cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*
wpa_supplicant
Version:
2.6
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*
hostapd
Version:
0.5.10
CPE:
cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*
hostapd
Version:
0.4.10
CPE:
cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*
hostapd
Version:
0.5.9
CPE:
cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.2.5
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*
hostapd
Version:
2.5
CPE:
cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*
hostapd
Version:
0.3.11
CPE:
cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*
hostapd
Version:
0.7.3
CPE:
cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
wpa_supplicant
Version:
1.1
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
hostapd
Version:
0.5.8
CPE:
cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.5.11
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*
hostapd
Version:
0.3.7
CPE:
cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.4.8
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*
hostapd
Version:
0.4.8
CPE:
cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.5.7
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*
hostapd
Version:
0.2.4
CPE:
cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*
hostapd
Version:
1.0
CPE:
cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.5.9
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*
hostapd
Version:
0.2.6
CPE:
cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.6.8
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*
hostapd
Version:
2.3
CPE:
cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.7.3
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*
hostapd
Version:
0.5.11
CPE:
cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*
wpa_supplicant
Version:
2.0
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
hostapd
Version:
0.2.8
CPE:
cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.3.7
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.3.10
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.5.8
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*
hostapd
Version:
0.3.10
CPE:
cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*
hostapd
Version:
0.5.7
CPE:
cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*
hostapd
Version:
0.6.8
CPE:
cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*
wpa_supplicant
Version:
1.0
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.4.11
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*
hostapd
Version:
0.2.5
CPE:
cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*
hostapd
Version:
0.6.9
CPE:
cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*
hostapd
Version:
0.4.9
CPE:
cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*
wpa_supplicant
Version:
2.3
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.4.7
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*
hostapd
Version:
1.1
CPE:
cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
wpa_supplicant
Version:
2.1
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.2.4
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.6.10
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*
hostapd
Version:
2.2
CPE:
cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
wpa_supplicant
Version:
2.2
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
hostapd
Version:
0.4.11
CPE:
cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*
hostapd
Version:
2.4
CPE:
cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*
wpa_supplicant
Version:
0.3.8
CPE:
cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*
hostapd
Version:
0.4.7
CPE:
cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*
This vulnerability affects 82 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html (cret@cert.org): Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html (cret@cert.org): Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html (cret@cert.org): Third Party Advisory
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt (cret@cert.org): Third Party Advisory
- http://www.debian.org/security/2017/dsa-3999 (cret@cert.org): Third Party Advisory
- http://www.kb.cert.org/vuls/id/228519 (cret@cert.org): Third Party Advisory, US Government Resource
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html (cret@cert.org)
- http://www.securityfocus.com/bid/101274 (cret@cert.org): Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039573 (cret@cert.org): Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039576 (cret@cert.org): Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039577 (cret@cert.org): Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039578 (cret@cert.org): Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039581 (cret@cert.org): Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039585 (cret@cert.org): Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-3455-1 (cret@cert.org): Third Party Advisory
- https://access.redhat.com/security/vulnerabilities/kracks (cret@cert.org): Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf (cret@cert.org)
- https://cert.vde.com/en-us/advisories/vde-2017-005 (cret@cert.org)
- https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html (cret@cert.org)
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc (cret@cert.org): Third Party Advisory
- https://security.gentoo.org/glsa/201711-03 (cret@cert.org)
- https://source.android.com/security/bulletin/2017-11-01 (cret@cert.org)
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us (cret@cert.org)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa (cret@cert.org): Third Party Advisory
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt (cret@cert.org): Third Party Advisory
- https://www.krackattacks.com/ (cret@cert.org): Technical Description, Third Party Advisory
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-323
Reusing a Nonce, Key Pair in Encryption
- Description: Nonces should be used for the present occasion and only once.
- Exploit Likelihood: High
- Typical Severity: High
- Abstraction Level: Base
Key Information
- Published Date: October 17, 2017
