CVE-2017-13081

FreeBSD Security Advisory - FreeBSD-SA-17:07.wpa

Severity Score

5.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11w permite la reinstalación de la clave temporal IGTK (Integrity Group Temporal Key) durante el handshake de clave de grupo, haciendo que un atacante en el rango de radio suplante frames desde los puntos de acceso hasta los clientes.

A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-22 CVE Reserved
2017-10-16 CVE Published
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-323: Reusing a Nonce, Key Pair in Encryption
CWE-330: Use of Insufficiently Random Values

CAPEC

References (26)

URL	Tag	Source
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt	Third Party Advisory
http://www.kb.cert.org/vuls/id/228519	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	X_refsource_confirm
http://www.securityfocus.com/bid/101274	Third Party Advisory
http://www.securitytracker.com/id/1039573	Third Party Advisory
http://www.securitytracker.com/id/1039576	Third Party Advisory
http://www.securitytracker.com/id/1039577	Third Party Advisory
http://www.securitytracker.com/id/1039578	Third Party Advisory
http://www.securitytracker.com/id/1039581	Third Party Advisory
http://www.securitytracker.com/id/1039585	Third Party Advisory
https://access.redhat.com/security/vulnerabilities/kracks	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf	X_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2017-005	X_refsource_confirm
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html	Mailing List
https://source.android.com/security/bulletin/2017-11-01	X_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us	X_refsource_confirm
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt	Third Party Advisory
https://www.krackattacks.com	Technical Description

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html	2019-10-03
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html	2019-10-03
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html	2019-10-03
http://www.debian.org/security/2017/dsa-3999	2019-10-03
http://www.ubuntu.com/usn/USN-3455-1	2019-10-03
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc	2019-10-03
https://security.gentoo.org/glsa/201711-03	2019-10-03
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa	2019-10-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				17.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.04"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				*		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				10 Search vendor "Freebsd" for product "Freebsd" and version "10"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				10.4 Search vendor "Freebsd" for product "Freebsd" and version "10.4"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11 Search vendor "Freebsd" for product "Freebsd" and version "11"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.1 Search vendor "Freebsd" for product "Freebsd" and version "11.1"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.2 Search vendor "Opensuse" for product "Leap" and version "42.2"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.3 Search vendor "Opensuse" for product "Leap" and version "42.3"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.4 Search vendor "W1.fi" for product "Hostapd" and version "0.2.4"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.5 Search vendor "W1.fi" for product "Hostapd" and version "0.2.5"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.6 Search vendor "W1.fi" for product "Hostapd" and version "0.2.6"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.8 Search vendor "W1.fi" for product "Hostapd" and version "0.2.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.7 Search vendor "W1.fi" for product "Hostapd" and version "0.3.7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.9 Search vendor "W1.fi" for product "Hostapd" and version "0.3.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.10 Search vendor "W1.fi" for product "Hostapd" and version "0.3.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.11 Search vendor "W1.fi" for product "Hostapd" and version "0.3.11"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.7 Search vendor "W1.fi" for product "Hostapd" and version "0.4.7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.8 Search vendor "W1.fi" for product "Hostapd" and version "0.4.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.9 Search vendor "W1.fi" for product "Hostapd" and version "0.4.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.10 Search vendor "W1.fi" for product "Hostapd" and version "0.4.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.11 Search vendor "W1.fi" for product "Hostapd" and version "0.4.11"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.7 Search vendor "W1.fi" for product "Hostapd" and version "0.5.7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.8 Search vendor "W1.fi" for product "Hostapd" and version "0.5.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.9 Search vendor "W1.fi" for product "Hostapd" and version "0.5.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.10 Search vendor "W1.fi" for product "Hostapd" and version "0.5.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.11 Search vendor "W1.fi" for product "Hostapd" and version "0.5.11"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.6.8 Search vendor "W1.fi" for product "Hostapd" and version "0.6.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.6.9 Search vendor "W1.fi" for product "Hostapd" and version "0.6.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.6.10 Search vendor "W1.fi" for product "Hostapd" and version "0.6.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.7.3 Search vendor "W1.fi" for product "Hostapd" and version "0.7.3"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				1.0 Search vendor "W1.fi" for product "Hostapd" and version "1.0"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				1.1 Search vendor "W1.fi" for product "Hostapd" and version "1.1"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.0 Search vendor "W1.fi" for product "Hostapd" and version "2.0"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.1 Search vendor "W1.fi" for product "Hostapd" and version "2.1"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.2 Search vendor "W1.fi" for product "Hostapd" and version "2.2"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.3 Search vendor "W1.fi" for product "Hostapd" and version "2.3"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.4 Search vendor "W1.fi" for product "Hostapd" and version "2.4"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.5 Search vendor "W1.fi" for product "Hostapd" and version "2.5"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.6 Search vendor "W1.fi" for product "Hostapd" and version "2.6"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.4 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.4"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.5 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.5"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.6 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.6"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.11 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.11"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.11 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.11"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.11 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.11"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.6.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.6.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.6.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.6.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.6.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.6.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.7.3 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.7.3"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				1.0 Search vendor "W1.fi" for product "WPA Supplicant" and version "1.0"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				1.1 Search vendor "W1.fi" for product "WPA Supplicant" and version "1.1"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.0 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.0"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.1 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.1"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.2 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.2"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.3 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.3"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.4 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.4"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.5 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.5"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.6 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.6"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				12 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"		sp2		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				12 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Point Of Sale Search vendor "Suse" for product "Linux Enterprise Point Of Sale"				11 Search vendor "Suse" for product "Linux Enterprise Point Of Sale" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp3, ltss		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp4		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				12 Search vendor "Suse" for product "Linux Enterprise Server" and version "12"		ltss		Affected
Suse Search vendor "Suse"		Openstack Cloud Search vendor "Suse" for product "Openstack Cloud"				6 Search vendor "Suse" for product "Openstack Cloud" and version "6"		-		Affected