CVE-2017-13081

Description

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

CVSS Metrics

• v3.0•MEDIUM•Score: 5.3CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
• v2.0•LOW•Score: 2.9AV:A/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 1.11%• Percentile: 78%

Techniques & Countermeasures

• CWE-323•Reusing a Nonce, Key Pair in Encryption

  Nonces should be used for the present occasion and only once.

• CWE-330•Use of Insufficiently Random Values

  The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Affected Systems

• canonical•ubuntu_linux

  14.04 | 16.04 | 17.04

• debian•debian_linux

  8.0 | 9.0

• freebsd•freebsd

  10 | 10.4 | 11 | 11.1

• opensuse•leap

  42.2 | 42.3

• redhat•enterprise_linux_desktop

  7

• redhat•enterprise_linux_server

  7

• suse•linux_enterprise_desktop

  12:sp2 | 12:sp3

• suse•linux_enterprise_point_of_sale

  11:sp3

• suse•linux_enterprise_server

  11:sp3 | 11:sp4 | 12

• suse•openstack_cloud

  6

• w1.fi•hostapd

  0.2.4 | 0.2.5 | 0.2.6 | 0.2.8 | 0.3.7 | 0.3.9 | 0.3.10 | 0.3.11 | 0.4.7 | 0.4.8 | 0.4.9 | 0.4.10 | 0.4.11 | 0.5.7 | 0.5.8 | 0.5.9 | 0.5.10 | 0.5.11 | 0.6.8 | 0.6.9 | 0.6.10 | 0.7.3 | 1.0 | 1.1 | 2.0 | 2.1 | 2.2 | 2.3 | 2.4 | 2.5 | 2.6

• w1.fi•wpa_supplicant

  0.2.4 | 0.2.5 | 0.2.6 | 0.2.7 | 0.2.8 | 0.3.7 | 0.3.8 | 0.3.9 | 0.3.10 | 0.3.11 | 0.4.7 | 0.4.8 | 0.4.9 | 0.4.10 | 0.4.11 | 0.5.7 | 0.5.8 | 0.5.9 | 0.5.10 | 0.5.11 | 0.6.8 | 0.6.9 | 0.6.10 | 0.7.3 | 1.0 | 1.1 | 2.0 | 2.1 | 2.2 | 2.3 | 2.4 | 2.5 | 2.6

• wi-fi alliance•wi-fi protected access (wpa and wpa2)

  WPA | WPA2

References (26)

• http://www.securitytracker.com/id/1039581
• http://www.securityfocus.com/bid/101274
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
• http://www.debian.org/security/2017/dsa-3999
• http://www.securitytracker.com/id/1039578
• https://access.redhat.com/security/vulnerabilities/kracks
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
• https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
• http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
• http://www.securitytracker.com/id/1039577
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
• https://source.android.com/security/bulletin/2017-11-01
• https://security.gentoo.org/glsa/201711-03
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
• https://www.krackattacks.com/
• http://www.securitytracker.com/id/1039573
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
• http://www.securitytracker.com/id/1039576
• http://www.securitytracker.com/id/1039585
• http://www.kb.cert.org/vuls/id/228519
• https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
• https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
• https://cert.vde.com/en-us/advisories/vde-2017-005
• http://www.ubuntu.com/usn/USN-3455-1