CVE-2017-13081
moderate-risk
Published 2017-10-17
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Do I need to act?
-
0.46% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
ADJACENT_NETWORK
/ HIGH complexity
Affected Products (20)
References (52)
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
Third Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
Third Party Advisory
http://www.debian.org/security/2017/dsa-3999
Third Party Advisory
http://www.kb.cert.org/vuls/id/228519
Third Party Advisory
http://www.securityfocus.com/bid/101274
Third Party Advisory
http://www.securitytracker.com/id/1039573
Third Party Advisory
http://www.securitytracker.com/id/1039576
Third Party Advisory
http://www.securitytracker.com/id/1039577
Third Party Advisory
http://www.securitytracker.com/id/1039578
Third Party Advisory
http://www.securitytracker.com/id/1039581
Third Party Advisory
http://www.securitytracker.com/id/1039585
Third Party Advisory
http://www.ubuntu.com/usn/USN-3455-1
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/kracks
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
and 32 more references
45
/ 100
moderate-risk
Severity
14/34 · Moderate
Exploitability
2/34 · Minimal
Exposure
29/34 · Critical