CVE-2017-13082
high-risk
Published 2017-10-17
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
Do I need to act?
-
0.80% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
ADJACENT_NETWORK
/ LOW complexity
Affected Products (20)
References (52)
Third Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
Third Party Advisory
http://www.debian.org/security/2017/dsa-3999
Third Party Advisory
http://www.kb.cert.org/vuls/id/228519
Third Party Advisory
http://www.securityfocus.com/bid/101274
Third Party Advisory
http://www.securitytracker.com/id/1039570
Third Party Advisory
http://www.securitytracker.com/id/1039571
Third Party Advisory
http://www.securitytracker.com/id/1039573
Third Party Advisory
http://www.securitytracker.com/id/1039581
Third Party Advisory
http://www.ubuntu.com/usn/USN-3455-1
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2907
Third Party Advisory
https://access.redhat.com/security/vulnerabilities/kracks
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
and 32 more references
57
/ 100
high-risk
Severity
25/34 · High
Exploitability
3/34 · Minimal
Exposure
29/34 · Critical