CVE-2017-13081

EPSS 0.25%
Veröffentlicht 17.10.2017 13:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 29

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version17.04

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Freebsd ≫ Freebsd

Freebsd ≫ Freebsd Version10

Freebsd ≫ Freebsd Version10.4

Freebsd ≫ Freebsd Version11

Freebsd ≫ Freebsd Version11.1

Opensuse ≫ Leap Version42.2

Opensuse ≫ Leap Version42.3

Redhat ≫ Enterprise Linux Desktop Version7

Redhat ≫ Enterprise Linux Server Version7

W1.Fi ≫ Hostapd Version0.2.4

W1.Fi ≫ Hostapd Version0.2.5

W1.Fi ≫ Hostapd Version0.2.6

W1.Fi ≫ Hostapd Version0.2.8

W1.Fi ≫ Hostapd Version0.3.7

W1.Fi ≫ Hostapd Version0.3.9

W1.Fi ≫ Hostapd Version0.3.10

W1.Fi ≫ Hostapd Version0.3.11

W1.Fi ≫ Hostapd Version0.4.7

W1.Fi ≫ Hostapd Version0.4.8

W1.Fi ≫ Hostapd Version0.4.9

W1.Fi ≫ Hostapd Version0.4.10

W1.Fi ≫ Hostapd Version0.4.11

W1.Fi ≫ Hostapd Version0.5.7

W1.Fi ≫ Hostapd Version0.5.8

W1.Fi ≫ Hostapd Version0.5.9

W1.Fi ≫ Hostapd Version0.5.10

W1.Fi ≫ Hostapd Version0.5.11

W1.Fi ≫ Hostapd Version0.6.8

W1.Fi ≫ Hostapd Version0.6.9

W1.Fi ≫ Hostapd Version0.6.10

W1.Fi ≫ Hostapd Version0.7.3

W1.Fi ≫ Hostapd Version1.0

W1.Fi ≫ Hostapd Version1.1

W1.Fi ≫ Hostapd Version2.0

W1.Fi ≫ Hostapd Version2.1

W1.Fi ≫ Hostapd Version2.2

W1.Fi ≫ Hostapd Version2.3

W1.Fi ≫ Hostapd Version2.4

W1.Fi ≫ Hostapd Version2.5

W1.Fi ≫ Hostapd Version2.6

W1.Fi ≫ Wpa Supplicant Version0.2.4

W1.Fi ≫ Wpa Supplicant Version0.2.5

W1.Fi ≫ Wpa Supplicant Version0.2.6

W1.Fi ≫ Wpa Supplicant Version0.2.7

W1.Fi ≫ Wpa Supplicant Version0.2.8

W1.Fi ≫ Wpa Supplicant Version0.3.7

W1.Fi ≫ Wpa Supplicant Version0.3.8

W1.Fi ≫ Wpa Supplicant Version0.3.9

W1.Fi ≫ Wpa Supplicant Version0.3.10

W1.Fi ≫ Wpa Supplicant Version0.3.11

W1.Fi ≫ Wpa Supplicant Version0.4.7

W1.Fi ≫ Wpa Supplicant Version0.4.8

W1.Fi ≫ Wpa Supplicant Version0.4.9

W1.Fi ≫ Wpa Supplicant Version0.4.10

W1.Fi ≫ Wpa Supplicant Version0.4.11

W1.Fi ≫ Wpa Supplicant Version0.5.7

W1.Fi ≫ Wpa Supplicant Version0.5.8

W1.Fi ≫ Wpa Supplicant Version0.5.9

W1.Fi ≫ Wpa Supplicant Version0.5.10

W1.Fi ≫ Wpa Supplicant Version0.5.11

W1.Fi ≫ Wpa Supplicant Version0.6.8

W1.Fi ≫ Wpa Supplicant Version0.6.9

W1.Fi ≫ Wpa Supplicant Version0.6.10

W1.Fi ≫ Wpa Supplicant Version0.7.3

W1.Fi ≫ Wpa Supplicant Version1.0

W1.Fi ≫ Wpa Supplicant Version1.1

W1.Fi ≫ Wpa Supplicant Version2.0

W1.Fi ≫ Wpa Supplicant Version2.1

W1.Fi ≫ Wpa Supplicant Version2.2

W1.Fi ≫ Wpa Supplicant Version2.3

W1.Fi ≫ Wpa Supplicant Version2.4

W1.Fi ≫ Wpa Supplicant Version2.5

W1.Fi ≫ Wpa Supplicant Version2.6

Suse ≫ Linux Enterprise Desktop Version12 Updatesp2

Suse ≫ Linux Enterprise Desktop Version12 Updatesp3

Suse ≫ Linux Enterprise Point Of Sale Version11 Updatesp3

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformltss

Suse ≫ Linux Enterprise Server Version11 Updatesp4

Suse ≫ Linux Enterprise Server Version12 SwEditionltss

Suse ≫ Openstack Cloud Version6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.482

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.9	5.5	2.9	AV:A/AC:M/Au:N/C:N/I:P/A:N

CWE-323 Reusing a Nonce, Key Pair in Encryption

Nonces should be used for the present occasion and only once.

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html

http://www.ubuntu.com/usn/USN-3455-1

Third Party Advisory

https://source.android.com/security/bulletin/2017-11-01

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

Third Party Advisory

http://www.debian.org/security/2017/dsa-3999

Third Party Advisory

http://www.kb.cert.org/vuls/id/228519

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/101274

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039573

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039576

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039577

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039578

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039581

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039585

Third Party Advisory

VDB Entry

https://access.redhat.com/security/vulnerabilities/kracks

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

https://cert.vde.com/en-us/advisories/vde-2017-005

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc

Third Party Advisory

https://security.gentoo.org/glsa/201711-03

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

Third Party Advisory

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

Third Party Advisory

https://www.krackattacks.com/

Third Party Advisory

Technical Description

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-13081

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-13081

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-13081

EUVD