Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-13087

Опубликовано: 16 окт. 2017
Источник: redhat
CVSS3: 8.1
EPSS Низкий

Описание

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake.

Отчет

This issues affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6 and 7. This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5wpa_supplicantNot affected
Red Hat Enterprise Linux 6wpa_supplicantFixedRHSA-2017:291118.10.2017
Red Hat Enterprise Linux 7wpa_supplicantFixedRHSA-2017:290717.10.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-323
https://bugzilla.redhat.com/show_bug.cgi?id=1500303wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

EPSS

Процентиль: 51%
0.00284
Низкий

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-13087

CVSS3: 5.3
ubuntu
больше 7 лет назад

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

nvd логотип

CVE-2017-13087

CVSS3: 5.3
nvd
больше 7 лет назад

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

debian логотип

CVE-2017-13087

CVSS3: 5.3
debian
больше 7 лет назад

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows rein ...

github логотип

GHSA-88jq-244c-4xj3

CVSS3: 5.3
github
около 3 лет назад

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

fstec логотип

BDU:2017-02271

CVSS3: 7.9
fstec
почти 8 лет назад

Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети

EPSS

Процентиль: 51%
0.00284
Низкий

8.1 High

CVSS3