CVE-2017-13086

wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake

Severity Score

6.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave TPK (Peer Key) TDLS (Tunneled Direct-Link Setup) durante la negociación TDLS, haciendo que un atacante que se sitúe dentro del radio reproduzca, descifre o suplante frames.

A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake.

*Credits: N/A

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-22 CVE Reserved
2017-10-16 CVE Published
2023-04-19 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-323: Reusing a Nonce, Key Pair in Encryption
CWE-330: Use of Insufficiently Random Values

CAPEC

References (23)

URL	Tag	Source
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt	Third Party Advisory
http://www.kb.cert.org/vuls/id/228519	Third Party Advisory
http://www.securityfocus.com/bid/101274	Third Party Advisory
http://www.securitytracker.com/id/1039573	Third Party Advisory
http://www.securitytracker.com/id/1039576	Third Party Advisory
http://www.securitytracker.com/id/1039577	Third Party Advisory
http://www.securitytracker.com/id/1039578	Third Party Advisory
http://www.securitytracker.com/id/1039581	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf	X_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2017-005	X_refsource_confirm
https://source.android.com/security/bulletin/2017-11-01	X_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-17420	Third Party Advisory
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt	Third Party Advisory
https://www.krackattacks.com	Technical Description

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.debian.org/security/2017/dsa-3999	2019-10-03
http://www.ubuntu.com/usn/USN-3455-1	2019-10-03
https://access.redhat.com/errata/RHSA-2017:2907	2019-10-03
https://access.redhat.com/security/vulnerabilities/kracks	2017-10-17
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc	2019-10-03
https://security.gentoo.org/glsa/201711-03	2019-10-03
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa	2019-10-03
https://access.redhat.com/security/cve/CVE-2017-13086	2017-10-17
https://bugzilla.redhat.com/show_bug.cgi?id=1500302	2017-10-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				17.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.04"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				*		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				10 Search vendor "Freebsd" for product "Freebsd" and version "10"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				10.4 Search vendor "Freebsd" for product "Freebsd" and version "10.4"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11 Search vendor "Freebsd" for product "Freebsd" and version "11"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.1 Search vendor "Freebsd" for product "Freebsd" and version "11.1"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.2 Search vendor "Opensuse" for product "Leap" and version "42.2"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.3 Search vendor "Opensuse" for product "Leap" and version "42.3"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.4 Search vendor "W1.fi" for product "Hostapd" and version "0.2.4"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.5 Search vendor "W1.fi" for product "Hostapd" and version "0.2.5"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.6 Search vendor "W1.fi" for product "Hostapd" and version "0.2.6"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.2.8 Search vendor "W1.fi" for product "Hostapd" and version "0.2.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.7 Search vendor "W1.fi" for product "Hostapd" and version "0.3.7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.9 Search vendor "W1.fi" for product "Hostapd" and version "0.3.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.10 Search vendor "W1.fi" for product "Hostapd" and version "0.3.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.3.11 Search vendor "W1.fi" for product "Hostapd" and version "0.3.11"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.7 Search vendor "W1.fi" for product "Hostapd" and version "0.4.7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.8 Search vendor "W1.fi" for product "Hostapd" and version "0.4.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.9 Search vendor "W1.fi" for product "Hostapd" and version "0.4.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.10 Search vendor "W1.fi" for product "Hostapd" and version "0.4.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.4.11 Search vendor "W1.fi" for product "Hostapd" and version "0.4.11"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.7 Search vendor "W1.fi" for product "Hostapd" and version "0.5.7"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.8 Search vendor "W1.fi" for product "Hostapd" and version "0.5.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.9 Search vendor "W1.fi" for product "Hostapd" and version "0.5.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.10 Search vendor "W1.fi" for product "Hostapd" and version "0.5.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.5.11 Search vendor "W1.fi" for product "Hostapd" and version "0.5.11"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.6.8 Search vendor "W1.fi" for product "Hostapd" and version "0.6.8"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.6.9 Search vendor "W1.fi" for product "Hostapd" and version "0.6.9"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.6.10 Search vendor "W1.fi" for product "Hostapd" and version "0.6.10"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				0.7.3 Search vendor "W1.fi" for product "Hostapd" and version "0.7.3"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				1.0 Search vendor "W1.fi" for product "Hostapd" and version "1.0"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				1.1 Search vendor "W1.fi" for product "Hostapd" and version "1.1"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.0 Search vendor "W1.fi" for product "Hostapd" and version "2.0"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.1 Search vendor "W1.fi" for product "Hostapd" and version "2.1"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.2 Search vendor "W1.fi" for product "Hostapd" and version "2.2"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.3 Search vendor "W1.fi" for product "Hostapd" and version "2.3"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.4 Search vendor "W1.fi" for product "Hostapd" and version "2.4"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.5 Search vendor "W1.fi" for product "Hostapd" and version "2.5"		-		Affected
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				2.6 Search vendor "W1.fi" for product "Hostapd" and version "2.6"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.4 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.4"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.5 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.5"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.6 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.6"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.2.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.2.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.3.11 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.3.11"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.4.11 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.4.11"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.7 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.5.11 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.5.11"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.6.8 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.6.8"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.6.9 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.6.9"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.6.10 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.6.10"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				0.7.3 Search vendor "W1.fi" for product "WPA Supplicant" and version "0.7.3"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				1.0 Search vendor "W1.fi" for product "WPA Supplicant" and version "1.0"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				1.1 Search vendor "W1.fi" for product "WPA Supplicant" and version "1.1"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.0 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.0"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.1 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.1"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.2 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.2"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.3 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.3"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.4 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.4"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.5 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.5"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				2.6 Search vendor "W1.fi" for product "WPA Supplicant" and version "2.6"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				12 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"		sp2		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				12 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Point Of Sale Search vendor "Suse" for product "Linux Enterprise Point Of Sale"				11 Search vendor "Suse" for product "Linux Enterprise Point Of Sale" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp3, ltss		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp4		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				12 Search vendor "Suse" for product "Linux Enterprise Server" and version "12"		ltss		Affected
Suse Search vendor "Suse"		Openstack Cloud Search vendor "Suse" for product "Openstack Cloud"				6 Search vendor "Suse" for product "Openstack Cloud" and version "6"		-		Affected