8.1

CVE-2017-13082

Exploit

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.04
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
FreebsdFreebsd Version10
FreebsdFreebsd Version10.4
FreebsdFreebsd Version11
FreebsdFreebsd Version11.1
OpensuseLeap Version42.2
OpensuseLeap Version42.3
W1.FiHostapd Version0.2.4
W1.FiHostapd Version0.2.5
W1.FiHostapd Version0.2.6
W1.FiHostapd Version0.2.8
W1.FiHostapd Version0.3.7
W1.FiHostapd Version0.3.9
W1.FiHostapd Version0.3.10
W1.FiHostapd Version0.3.11
W1.FiHostapd Version0.4.7
W1.FiHostapd Version0.4.8
W1.FiHostapd Version0.4.9
W1.FiHostapd Version0.4.10
W1.FiHostapd Version0.4.11
W1.FiHostapd Version0.5.7
W1.FiHostapd Version0.5.8
W1.FiHostapd Version0.5.9
W1.FiHostapd Version0.5.10
W1.FiHostapd Version0.5.11
W1.FiHostapd Version0.6.8
W1.FiHostapd Version0.6.9
W1.FiHostapd Version0.6.10
W1.FiHostapd Version0.7.3
W1.FiHostapd Version1.0
W1.FiHostapd Version1.1
W1.FiHostapd Version2.0
W1.FiHostapd Version2.1
W1.FiHostapd Version2.2
W1.FiHostapd Version2.3
W1.FiHostapd Version2.4
W1.FiHostapd Version2.5
W1.FiHostapd Version2.6
W1.FiWpa Supplicant Version0.2.4
W1.FiWpa Supplicant Version0.2.5
W1.FiWpa Supplicant Version0.2.6
W1.FiWpa Supplicant Version0.2.7
W1.FiWpa Supplicant Version0.2.8
W1.FiWpa Supplicant Version0.3.7
W1.FiWpa Supplicant Version0.3.8
W1.FiWpa Supplicant Version0.3.9
W1.FiWpa Supplicant Version0.3.10
W1.FiWpa Supplicant Version0.3.11
W1.FiWpa Supplicant Version0.4.7
W1.FiWpa Supplicant Version0.4.8
W1.FiWpa Supplicant Version0.4.9
W1.FiWpa Supplicant Version0.4.10
W1.FiWpa Supplicant Version0.4.11
W1.FiWpa Supplicant Version0.5.7
W1.FiWpa Supplicant Version0.5.8
W1.FiWpa Supplicant Version0.5.9
W1.FiWpa Supplicant Version0.5.10
W1.FiWpa Supplicant Version0.5.11
W1.FiWpa Supplicant Version0.6.8
W1.FiWpa Supplicant Version0.6.9
W1.FiWpa Supplicant Version0.6.10
W1.FiWpa Supplicant Version0.7.3
W1.FiWpa Supplicant Version1.0
W1.FiWpa Supplicant Version1.1
W1.FiWpa Supplicant Version2.0
W1.FiWpa Supplicant Version2.1
W1.FiWpa Supplicant Version2.2
W1.FiWpa Supplicant Version2.3
W1.FiWpa Supplicant Version2.4
W1.FiWpa Supplicant Version2.5
W1.FiWpa Supplicant Version2.6
SuseLinux Enterprise Desktop Version12 Updatesp2
SuseLinux Enterprise Desktop Version12 Updatesp3
SuseLinux Enterprise Point Of Sale Version11 Updatesp3
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformltss
SuseLinux Enterprise Server Version11 Updatesp4
SuseLinux Enterprise Server Version12 SwEditionltss
SuseOpenstack Cloud Version6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.613
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 5.8 6.5 6.4
AV:A/AC:L/Au:N/C:P/I:P/A:P
CWE-323 Reusing a Nonce, Key Pair in Encryption

Nonces should be used for the present occasion and only once.

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://www.kb.cert.org/vuls/id/228519
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/101274
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039573
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039581
Third Party Advisory
VDB Entry
https://www.krackattacks.com/
Third Party Advisory
Technical Description
http://www.securitytracker.com/id/1039570
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039571
Third Party Advisory
VDB Entry