5.3

CVE-2017-13080

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.04
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
FreebsdFreebsd Version10
FreebsdFreebsd Version10.4
FreebsdFreebsd Version11
FreebsdFreebsd Version11.1
OpensuseLeap Version42.2
OpensuseLeap Version42.3
W1.FiHostapd Version0.2.4
W1.FiHostapd Version0.2.5
W1.FiHostapd Version0.2.6
W1.FiHostapd Version0.2.8
W1.FiHostapd Version0.3.7
W1.FiHostapd Version0.3.9
W1.FiHostapd Version0.3.10
W1.FiHostapd Version0.3.11
W1.FiHostapd Version0.4.7
W1.FiHostapd Version0.4.8
W1.FiHostapd Version0.4.9
W1.FiHostapd Version0.4.10
W1.FiHostapd Version0.4.11
W1.FiHostapd Version0.5.7
W1.FiHostapd Version0.5.8
W1.FiHostapd Version0.5.9
W1.FiHostapd Version0.5.10
W1.FiHostapd Version0.5.11
W1.FiHostapd Version0.6.8
W1.FiHostapd Version0.6.9
W1.FiHostapd Version0.6.10
W1.FiHostapd Version0.7.3
W1.FiHostapd Version1.0
W1.FiHostapd Version1.1
W1.FiHostapd Version2.0
W1.FiHostapd Version2.1
W1.FiHostapd Version2.2
W1.FiHostapd Version2.3
W1.FiHostapd Version2.4
W1.FiHostapd Version2.5
W1.FiHostapd Version2.6
W1.FiWpa Supplicant Version0.2.4
W1.FiWpa Supplicant Version0.2.5
W1.FiWpa Supplicant Version0.2.6
W1.FiWpa Supplicant Version0.2.7
W1.FiWpa Supplicant Version0.2.8
W1.FiWpa Supplicant Version0.3.7
W1.FiWpa Supplicant Version0.3.8
W1.FiWpa Supplicant Version0.3.9
W1.FiWpa Supplicant Version0.3.10
W1.FiWpa Supplicant Version0.3.11
W1.FiWpa Supplicant Version0.4.7
W1.FiWpa Supplicant Version0.4.8
W1.FiWpa Supplicant Version0.4.9
W1.FiWpa Supplicant Version0.4.10
W1.FiWpa Supplicant Version0.4.11
W1.FiWpa Supplicant Version0.5.7
W1.FiWpa Supplicant Version0.5.8
W1.FiWpa Supplicant Version0.5.9
W1.FiWpa Supplicant Version0.5.10
W1.FiWpa Supplicant Version0.5.11
W1.FiWpa Supplicant Version0.6.8
W1.FiWpa Supplicant Version0.6.9
W1.FiWpa Supplicant Version0.6.10
W1.FiWpa Supplicant Version0.7.3
W1.FiWpa Supplicant Version1.0
W1.FiWpa Supplicant Version1.1
W1.FiWpa Supplicant Version2.0
W1.FiWpa Supplicant Version2.1
W1.FiWpa Supplicant Version2.2
W1.FiWpa Supplicant Version2.3
W1.FiWpa Supplicant Version2.4
W1.FiWpa Supplicant Version2.5
W1.FiWpa Supplicant Version2.6
SuseLinux Enterprise Desktop Version12 Updatesp2
SuseLinux Enterprise Desktop Version12 Updatesp3
SuseLinux Enterprise Point Of Sale Version11 Updatesp3
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformltss
SuseLinux Enterprise Server Version11 Updatesp4
SuseLinux Enterprise Server Version12 SwEditionltss
SuseOpenstack Cloud Version6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.29% 0.809
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 1.6 3.6
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 2.9 5.5 2.9
AV:A/AC:M/Au:N/C:N/I:P/A:N
CWE-323 Reusing a Nonce, Key Pair in Encryption

Nonces should be used for the present occasion and only once.

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
http://www.ubuntu.com/usn/USN-3455-1
Third Party Advisory
https://support.apple.com/HT208221
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
https://source.android.com/security/bulletin/2017-11-01
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
Third Party Advisory
http://www.debian.org/security/2017/dsa-3999
Third Party Advisory
http://www.kb.cert.org/vuls/id/228519
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/101274
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039573
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039576
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039577
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039578
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039581
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039585
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2907
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2911
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/kracks
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
https://cert.vde.com/en-us/advisories/vde-2017-003
https://cert.vde.com/en-us/advisories/vde-2017-005
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
Third Party Advisory
https://security.gentoo.org/glsa/201711-03
https://support.apple.com/HT208219
https://support.apple.com/HT208220
https://support.apple.com/HT208222
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
https://support.lenovo.com/us/en/product_security/LEN-17420
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
Third Party Advisory
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Third Party Advisory
https://www.krackattacks.com/
Third Party Advisory
Technical Description
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
Third Party Advisory
http://www.securitytracker.com/id/1039572
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039703
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
Vendor Advisory
https://support.apple.com/HT208325
https://support.apple.com/HT208327
https://support.apple.com/HT208334
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html