Description
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
References (43)
Core 43
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039581
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208221
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101274
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3999
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208327
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039578
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208325
Third Party Advisory x_refsource_confirm
https://access.redhat.com/security/vulnerabilities/kracks
Third Party Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2911
Third Party Advisory x_refsource_misc
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Third Party Advisory x_refsource_confirm
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039577
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039572
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208222
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208334
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-11-01
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201711-03
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2907
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-17420
Third Party Advisory vendor-advisory
x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
Technical Description, Third Party Advisory x_refsource_misc
https://www.krackattacks.com/
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039573
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039576
Various Sources x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2017-003
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039585
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/228519
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208220
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208219
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
Various Sources x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2017-005
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039703
Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3455-1
Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
Scores
CVSS v3
5.3
EPSS
0.0082
EPSS Percentile
74.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-323
CWE-330
Status
published
Products (48)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.04
debian/debian_linux
8.0
debian/debian_linux
9.0
freebsd/freebsd
freebsd/freebsd
10
freebsd/freebsd
10.4
freebsd/freebsd
11
freebsd/freebsd
11.1
... and 38 more
Published
Oct 17, 2017
Tracked Since
Feb 18, 2026