CVE-2017-13080
Summary
| CVE | CVE-2017-13080 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-17 13:29:00 UTC |
| Updated | 2020-11-10 21:15:00 UTC |
| Description | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. |
Risk And Classification
Problem Types: CWE-330
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 17.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Freebsd | Freebsd | All | All | All | All |
| Operating System | Freebsd | Freebsd | 10 | All | All | All |
| Operating System | Freebsd | Freebsd | 10.4 | All | All | All |
| Operating System | Freebsd | Freebsd | 11 | All | All | All |
| Operating System | Freebsd | Freebsd | 11.1 | All | All | All |
| Operating System | Opensuse | Leap | 42.2 | All | All | All |
| Operating System | Opensuse | Leap | 42.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7 | All | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Point Of Sale | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | All | All | All |
| Operating System | Suse | Openstack Cloud | 6 | All | All | All |
| Application | W1.fi | Hostapd | 0.2.4 | All | All | All |
| Application | W1.fi | Hostapd | 0.2.5 | All | All | All |
| Application | W1.fi | Hostapd | 0.2.6 | All | All | All |
| Application | W1.fi | Hostapd | 0.2.8 | All | All | All |
| Application | W1.fi | Hostapd | 0.3.10 | All | All | All |
| Application | W1.fi | Hostapd | 0.3.11 | All | All | All |
| Application | W1.fi | Hostapd | 0.3.7 | All | All | All |
| Application | W1.fi | Hostapd | 0.3.9 | All | All | All |
| Application | W1.fi | Hostapd | 0.4.10 | All | All | All |
| Application | W1.fi | Hostapd | 0.4.11 | All | All | All |
| Application | W1.fi | Hostapd | 0.4.7 | All | All | All |
| Application | W1.fi | Hostapd | 0.4.8 | All | All | All |
| Application | W1.fi | Hostapd | 0.4.9 | All | All | All |
| Application | W1.fi | Hostapd | 0.5.10 | All | All | All |
| Application | W1.fi | Hostapd | 0.5.11 | All | All | All |
| Application | W1.fi | Hostapd | 0.5.7 | All | All | All |
| Application | W1.fi | Hostapd | 0.5.8 | All | All | All |
| Application | W1.fi | Hostapd | 0.5.9 | All | All | All |
| Application | W1.fi | Hostapd | 0.6.10 | All | All | All |
| Application | W1.fi | Hostapd | 0.6.8 | All | All | All |
| Application | W1.fi | Hostapd | 0.6.9 | All | All | All |
| Application | W1.fi | Hostapd | 0.7.3 | All | All | All |
| Application | W1.fi | Hostapd | 1.0 | All | All | All |
| Application | W1.fi | Hostapd | 1.1 | All | All | All |
| Application | W1.fi | Hostapd | 2.0 | All | All | All |
| Application | W1.fi | Hostapd | 2.1 | All | All | All |
| Application | W1.fi | Hostapd | 2.2 | All | All | All |
| Application | W1.fi | Hostapd | 2.3 | All | All | All |
| Application | W1.fi | Hostapd | 2.4 | All | All | All |
| Application | W1.fi | Hostapd | 2.5 | All | All | All |
| Application | W1.fi | Hostapd | 2.6 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.2.4 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.2.5 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.2.6 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.2.7 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.2.8 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.3.10 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.3.11 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.3.7 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.3.8 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.3.9 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.4.10 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.4.11 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.4.7 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.4.8 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.4.9 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.5.10 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.5.11 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.5.7 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.5.8 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.5.9 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.6.10 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.6.8 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.6.9 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.7.3 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 1.0 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 1.1 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.0 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.1 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.2 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.3 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.4 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.5 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.6 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (GLSA 201711-03) — Gentoo Security | GENTOO | security.gentoo.org | |
| w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-message... | MISC | w1.fi | Third Party Advisory |
| wpa_supplicant WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| ArubaOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| INTEL-SA-00402 | CONFIRM | www.intel.com | |
| About the security content of watchOS 4.2 - Apple Support | CONFIRM | support.apple.com | |
| About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support | CONFIRM | support.apple.com | |
| {{windowTitle}} | CONFIRM | portal.msrc.microsoft.com | Vendor Advisory |
| About the security content of tvOS 11.1 - Apple Support | CONFIRM | support.apple.com | |
| FreeBSD-SA-17:07 | FREEBSD | security.FreeBSD.org | Third Party Advisory |
| About the security content of iOS 11.2 - Apple Support | CONFIRM | support.apple.com | |
| Oracle Critical Patch Update - January 2018 | CONFIRM | www.oracle.com | |
| HPE Support document - HPE Support Center | CONFIRM | support.hpe.com | |
| Juniper Junos SRX Series WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Oracle Critical Patch Update - April 2018 | CONFIRM | www.oracle.com | |
| Vulnerability Note VU#228519 - Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| 101274 | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Modify Data, and Cause Denial of Service Conditions, Local and Remote Users Obtain Potentially Sensitive Information, and Applications Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | |
| About the security content of iOS 11.1 - Apple Support | CONFIRM | support.apple.com | |
| Cisco IP Phones WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [SECURITY] [DLA 1573-1] firmware-nonfree security update | MLIST | lists.debian.org | |
| Android Security Bulletin—November 2017 \| Android Open Source Project | CONFIRM | source.android.com | |
| [SECURITY] [DLA 1200-1] linux security update | MLIST | lists.debian.org | |
| [security-announce] openSUSE-SU-2017:2755-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf | CONFIRM | cert-portal.siemens.com | |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II | CISCO | tools.cisco.com | Third Party Advisory |
| Debian -- Security Information -- DSA-3999-1 wpa | DEBIAN | www.debian.org | Third Party Advisory |
| About the security content of watchOS 4.1 - Apple Support | CONFIRM | support.apple.com | |
| Juniper ScreenOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| USN-3455-1: wpa_supplicant and hostapd vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Fortinet FortiOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| KRACK Attacks: Breaking WPA2 | MISC | www.krackattacks.com | Technical Description, Third Party Advisory |
| [security-announce] SUSE-SU-2017:2745-1: important: Security update for | SUSE | lists.opensuse.org | Third Party Advisory |
| About the security content of tvOS 11.2 - Apple Support | CONFIRM | support.apple.com | |
| [security-announce] SUSE-SU-2017:2752-1: important: Security update for | SUSE | lists.opensuse.org | Third Party Advisory |
| Microsoft Windows WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Modify Data on the Target Wireless Network - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt | CONFIRM | www.arubanetworks.com | Third Party Advisory |
| WPA2 Protocol Vulnerabilities - US | CONFIRM | support.lenovo.com | Third Party Advisory |
| PEPPERL+FUCHS / ecom instruments WLAN enabled products utilizing WPA2 encryption (Update A) — English (USA) | CONFIRM | cert.vde.com | |
| PHOENIX CONTACT WLAN enabled devices utilising WPA2 encryption (Update B) — English (USA) | CONFIRM | cert.vde.com | |
| KRACKs - wpa_supplicant Multiple Vulnerabilities - Red Hat Customer Portal | CONFIRM | access.redhat.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 378244 Virtuozzo Linux Security Update for wpa_supplicant (VZLSA-2017:2907)
- 378248 Virtuozzo Linux Security Update for wpa_supplicant (VZLSA-2017:2911)
- 500246 Alpine Linux Security Update for hostapd
- 500740 Alpine Linux Security Update for wpa_supplicant
- 503996 Alpine Linux Security Update for hostapd
- 504516 Alpine Linux Security Update for wpa_supplicant
- 590571 PHOENIX CONTACT WLAN Capable Devices using the WPA2 Protocol Multiple Vulnerabilities (ICSA-17-325-01)
- 591073 Siemens SIMATIC RF350M and SIMATIC RF650M KRACK Attacks Multiple Vulnerabilities (SSA-418456)
- 591394 ABB TropOS wireless mesh products WPA2 Key Reinstallation Multiple Vulnerabilities (ICSA-17-318-02A, ABBVU-PGGA-1KHW028907)
- 671703 EulerOS Security Update for kernel (EulerOS-SA-2022-1735)
- 710321 Gentoo Linux hostapd and wpa_supplicant Key Reinstallation Vulnerability (GLSA 201711-03)
- 750549 OpenSUSE Security Update for wpa_supplicant (openSUSE-SU-2020:2059-1)
- 750557 OpenSUSE Security Update for wpa_supplicant (openSUSE-SU-2020:2053-1)
- 752179 SUSE Enterprise Linux Security Update for wpa_supplicant (SUSE-SU-2022:1853-1)