Description
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
References (21)
Core 21
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039581
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101274
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3999
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039578
Third Party Advisory x_refsource_confirm
https://access.redhat.com/security/vulnerabilities/kracks
Third Party Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
Third Party Advisory x_refsource_misc
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Third Party Advisory x_refsource_confirm
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039577
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-11-01
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201711-03
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2907
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-17420
Third Party Advisory vendor-advisory
x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
Technical Description, Third Party Advisory x_refsource_misc
https://www.krackattacks.com/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039573
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039576
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/228519
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
Various Sources x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2017-005
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3455-1
Scores
CVSS v3
6.8
EPSS
0.0099
EPSS Percentile
77.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-323
CWE-330
Status
published
Products (48)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.04
debian/debian_linux
8.0
debian/debian_linux
9.0
freebsd/freebsd
freebsd/freebsd
10
freebsd/freebsd
10.4
freebsd/freebsd
11
freebsd/freebsd
11.1
... and 38 more
Published
Oct 17, 2017
Tracked Since
Feb 18, 2026