CVE-2017-13081 Information
Description
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake allowing an attacker within radio range to spoof frames from access points to clients.
CVSS Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Reference
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt http://www.debian.org/security/2017/dsa-3999 http://www.kb.cert.org/vuls/id/228519 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/101274 http://www.securitytracker.com/id/1039573 http://www.securitytracker.com/id/1039576 http://www.securitytracker.com/id/1039577 http://www.securitytracker.com/id/1039578 http://www.securitytracker.com/id/1039581 http://www.securitytracker.com/id/1039585 http://www.ubuntu.com/usn/USN-3455-1 https://access.redhat.com/security/vulnerabilities/kracks https://cert.vde.com/en-us/advisories/vde-2017-005 https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc https://security.gentoo.org/glsa/201711-03 https://source.android.com/security/bulletin/2017-11-01 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://www.krackattacks.com/
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
5.3
Share on: