Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-13088

Опубликовано: 16 окт. 2017
Источник: redhat
CVSS3: 8.1
EPSS Низкий

Описание

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake.

Отчет

This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5wpa_supplicantNot affected
Red Hat Enterprise Linux 6wpa_supplicantNot affected
Red Hat Enterprise Linux 7wpa_supplicantFixedRHSA-2017:290717.10.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-323
https://bugzilla.redhat.com/show_bug.cgi?id=1500304wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

EPSS

Процентиль: 55%
0.00328
Низкий

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-13088

CVSS3: 5.3
ubuntu
больше 7 лет назад

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

nvd логотип

CVE-2017-13088

CVSS3: 5.3
nvd
больше 7 лет назад

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

debian логотип

CVE-2017-13088

CVSS3: 5.3
debian
больше 7 лет назад

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows rein ...

github логотип

GHSA-qvr8-f9g3-wv5x

CVSS3: 5.3
github
около 3 лет назад

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

fstec логотип

BDU:2017-02272

CVSS3: 7.9
fstec
почти 8 лет назад

Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (integrity group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети

EPSS

Процентиль: 55%
0.00328
Низкий

8.1 High

CVSS3