CVE-2017-13086
Summary
| CVE | CVE-2017-13086 |
|---|---|
| State | PUBLISHED |
| Assigner | certcc |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-17 13:29:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
Risk And Classification
Primary CVSS: v3.0 6.8 MEDIUM from [email protected]
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Problem Types: CWE-323: Reusing a Nonce, Key Pair in Encryption | CWE-330
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 6.8 | MEDIUM | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 2.0 | [email protected] | Primary | 5.4 | | AV:A/AC:M/Au:N/C:P/I:P/A:P |
CVSS v3.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Adjacent |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | None |
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Adjacent |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 17.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Freebsd | Freebsd | All | All | All | All |
| Operating System | Freebsd | Freebsd | 10 | All | All | All |
| Operating System | Freebsd | Freebsd | 10.4 | All | All | All |
| Operating System | Freebsd | Freebsd | 11 | All | All | All |
| Operating System | Freebsd | Freebsd | 11.1 | All | All | All |
| Operating System | Opensuse | Leap | 42.2 | All | All | All |
| Operating System | Opensuse | Leap | 42.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7 | All | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Point Of Sale | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | All | All | All |
| Operating System | Suse | Openstack Cloud | 6 | All | All | All |
| Application | W1.fi | Hostapd | 0.2.4 | All | All | All |
| Application | W1.fi | Hostapd | 0.2.5 | All | All | All |
| Application | W1.fi | Hostapd | 0.2.6 | All | All | All |
| Application | W1.fi | Hostapd | 0.2.8 | All | All | All |
| Application | W1.fi | Hostapd | 0.3.10 | All | All | All |
| Application | W1.fi | Hostapd | 0.3.11 | All | All | All |
| Application | W1.fi | Hostapd | 0.3.7 | All | All | All |
| Application | W1.fi | Hostapd | 0.3.9 | All | All | All |
| Application | W1.fi | Hostapd | 0.4.10 | All | All | All |
| Application | W1.fi | Hostapd | 0.4.11 | All | All | All |
| Application | W1.fi | Hostapd | 0.4.7 | All | All | All |
| Application | W1.fi | Hostapd | 0.4.8 | All | All | All |
| Application | W1.fi | Hostapd | 0.4.9 | All | All | All |
| Application | W1.fi | Hostapd | 0.5.10 | All | All | All |
| Application | W1.fi | Hostapd | 0.5.11 | All | All | All |
| Application | W1.fi | Hostapd | 0.5.7 | All | All | All |
| Application | W1.fi | Hostapd | 0.5.8 | All | All | All |
| Application | W1.fi | Hostapd | 0.5.9 | All | All | All |
| Application | W1.fi | Hostapd | 0.6.10 | All | All | All |
| Application | W1.fi | Hostapd | 0.6.8 | All | All | All |
| Application | W1.fi | Hostapd | 0.6.9 | All | All | All |
| Application | W1.fi | Hostapd | 0.7.3 | All | All | All |
| Application | W1.fi | Hostapd | 1.0 | All | All | All |
| Application | W1.fi | Hostapd | 1.1 | All | All | All |
| Application | W1.fi | Hostapd | 2.0 | All | All | All |
| Application | W1.fi | Hostapd | 2.1 | All | All | All |
| Application | W1.fi | Hostapd | 2.2 | All | All | All |
| Application | W1.fi | Hostapd | 2.3 | All | All | All |
| Application | W1.fi | Hostapd | 2.4 | All | All | All |
| Application | W1.fi | Hostapd | 2.5 | All | All | All |
| Application | W1.fi | Hostapd | 2.6 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.2.4 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.2.5 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.2.6 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.2.7 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.2.8 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.3.10 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.3.11 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.3.7 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.3.8 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.3.9 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.4.10 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.4.11 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.4.7 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.4.8 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.4.9 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.5.10 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.5.11 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.5.7 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.5.8 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.5.9 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.6.10 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.6.8 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.6.9 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.7.3 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 1.0 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 1.1 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.0 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.1 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.2 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.3 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.4 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.5 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.6 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Wi-Fi Alliance | Wi-Fi Protected Access WPA And WPA2 | affected WPA | Not specified |
| CNA | Wi-Fi Alliance | Wi-Fi Protected Access WPA And WPA2 | affected WPA2 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| KRACKs - wpa_supplicant Multiple Vulnerabilities - Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| Android Security Bulletin—November 2017 \| Android Open Source Project | af854a3a-2127-422b-91ae-364da2661108 | source.android.com | |
| security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc | af854a3a-2127-422b-91ae-364da2661108 | security.FreeBSD.org | Third Party Advisory |
| PEPPERL+FUCHS / ecom instruments WLAN enabled products utilizing WPA2 encryption (Update A) — English (USA) | af854a3a-2127-422b-91ae-364da2661108 | cert.vde.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (GLSA 201711-03) — Gentoo Security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-message... | af854a3a-2127-422b-91ae-364da2661108 | w1.fi | Third Party Advisory |
| Vulnerability Note VU#228519 - Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Third Party Advisory, US Government Resource |
| www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt | af854a3a-2127-422b-91ae-364da2661108 | www.arubanetworks.com | Third Party Advisory |
| wpa_supplicant WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Juniper Junos SRX Series WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II | af854a3a-2127-422b-91ae-364da2661108 | tools.cisco.com | Third Party Advisory |
| WPA2 Protocol Vulnerabilities - US | af854a3a-2127-422b-91ae-364da2661108 | support.lenovo.com | Third Party Advisory |
| Cisco IP Phones WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| ArubaOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf | af854a3a-2127-422b-91ae-364da2661108 | cert-portal.siemens.com | |
| www.securityfocus.com/bid/101274 | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Debian -- Security Information -- DSA-3999-1 wpa | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| KRACK Attacks: Breaking WPA2 | af854a3a-2127-422b-91ae-364da2661108 | www.krackattacks.com | Technical Description, Third Party Advisory |
| USN-3455-1: wpa_supplicant and hostapd vulnerabilities \| Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| Juniper ScreenOS WPA/WPA2 Protocol Key Reinstallation Attack Lets Remote Users Access and Modify Data on the Target Wireless Network - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 378244 Virtuozzo Linux Security Update for wpa_supplicant (VZLSA-2017:2907)
- 500246 Alpine Linux Security Update for hostapd
- 500740 Alpine Linux Security Update for wpa_supplicant
- 503996 Alpine Linux Security Update for hostapd
- 504516 Alpine Linux Security Update for wpa_supplicant
- 591394 ABB TropOS wireless mesh products WPA2 Key Reinstallation Multiple Vulnerabilities (ICSA-17-318-02A, ABBVU-PGGA-1KHW028907)
- 710321 Gentoo Linux hostapd and wpa_supplicant Key Reinstallation Vulnerability (GLSA 201711-03)
- 750549 OpenSUSE Security Update for wpa_supplicant (openSUSE-SU-2020:2059-1)
- 750557 OpenSUSE Security Update for wpa_supplicant (openSUSE-SU-2020:2053-1)
- 752179 SUSE Enterprise Linux Security Update for wpa_supplicant (SUSE-SU-2022:1853-1)