Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Adjacent_network
0

CVE-2017-13082

Disclosure Date: October 17, 2017
CVE-2017-13082 CVSS v3 Base Score: 8.1
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
8.1 High
Impact Score:
5.2
Exploitability Score:
2.8
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector (AV):
Adjacent_network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Wi-Fi Protected Access (WPA and WPA2) WPA
Wi-Fi Protected Access (WPA and WPA2) WPA2
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • freebsd,
  • opensuse,
  • redhat,
  • suse,
  • w1.fi

Products

  • debian linux 8.0,
  • debian linux 9.0,
  • enterprise linux desktop 7,
  • enterprise linux server 7,
  • freebsd,
  • freebsd 10,
  • freebsd 10.4,
  • freebsd 11,
  • freebsd 11.1,
  • hostapd 0.2.4,
  • hostapd 0.2.5,
  • hostapd 0.2.6,
  • hostapd 0.2.8,
  • hostapd 0.3.10,
  • hostapd 0.3.11,
  • hostapd 0.3.7,
  • hostapd 0.3.9,
  • hostapd 0.4.10,
  • hostapd 0.4.11,
  • hostapd 0.4.7,
  • hostapd 0.4.8,
  • hostapd 0.4.9,
  • hostapd 0.5.10,
  • hostapd 0.5.11,
  • hostapd 0.5.7,
  • hostapd 0.5.8,
  • hostapd 0.5.9,
  • hostapd 0.6.10,
  • hostapd 0.6.8,
  • hostapd 0.6.9,
  • hostapd 0.7.3,
  • hostapd 1.0,
  • hostapd 1.1,
  • hostapd 2.0,
  • hostapd 2.1,
  • hostapd 2.2,
  • hostapd 2.3,
  • hostapd 2.4,
  • hostapd 2.5,
  • hostapd 2.6,
  • leap 42.2,
  • leap 42.3,
  • linux enterprise desktop 12,
  • linux enterprise point of sale 11,
  • linux enterprise server 11,
  • linux enterprise server 12,
  • openstack cloud 6,
  • ubuntu linux 14.04,
  • ubuntu linux 16.04,
  • ubuntu linux 17.04,
  • wpa supplicant 0.2.4,
  • wpa supplicant 0.2.5,
  • wpa supplicant 0.2.6,
  • wpa supplicant 0.2.7,
  • wpa supplicant 0.2.8,
  • wpa supplicant 0.3.10,
  • wpa supplicant 0.3.11,
  • wpa supplicant 0.3.7,
  • wpa supplicant 0.3.8,
  • wpa supplicant 0.3.9,
  • wpa supplicant 0.4.10,
  • wpa supplicant 0.4.11,
  • wpa supplicant 0.4.7,
  • wpa supplicant 0.4.8,
  • wpa supplicant 0.4.9,
  • wpa supplicant 0.5.10,
  • wpa supplicant 0.5.11,
  • wpa supplicant 0.5.7,
  • wpa supplicant 0.5.8,
  • wpa supplicant 0.5.9,
  • wpa supplicant 0.6.10,
  • wpa supplicant 0.6.8,
  • wpa supplicant 0.6.9,
  • wpa supplicant 0.7.3,
  • wpa supplicant 1.0,
  • wpa supplicant 1.1,
  • wpa supplicant 2.0,
  • wpa supplicant 2.1,
  • wpa supplicant 2.2,
  • wpa supplicant 2.3,
  • wpa supplicant 2.4,
  • wpa supplicant 2.5,
  • wpa supplicant 2.6

References

Canonical
CVE-2017-13082 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082)
BID-101274 (http://www.securityfocus.com/bid/101274)
Advisory
SECTRACK-1039581 (http://www.securitytracker.com/id/1039581)
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
DSA-3999 (http://www.debian.org/security/2017/dsa-3999)
https://access.redhat.com/security/vulnerabilities/kracks
20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa)
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
SECTRACK-1039571 (http://www.securitytracker.com/id/1039571)
https://source.android.com/security/bulletin/2017-11-01
GLSA-201711-03 (https://security.gentoo.org/glsa/201711-03)
https://access.redhat.com/errata/RHSA-2017:2907
SECTRACK-1039570 (http://www.securitytracker.com/id/1039570)
https://support.lenovo.com/us/en/product_security/LEN-17420
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
SECTRACK-1039573 (http://www.securitytracker.com/id/1039573)
VU#228519 (http://www.kb.cert.org/vuls/id/228519)
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
https://cert.vde.com/en-us/advisories/vde-2017-005
USN-3455-1 (http://www.ubuntu.com/usn/USN-3455-1)
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
Miscellaneous
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
https://www.krackattacks.com
https://github.com/vanhoefm/krackattacks-test-ap-ft

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis