Description
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
References (25)
Core 25
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039581
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101274
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3999
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039578
Third Party Advisory x_refsource_confirm
https://access.redhat.com/security/vulnerabilities/kracks
Third Party Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
Third Party Advisory x_refsource_misc
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Third Party Advisory x_refsource_confirm
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039577
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-11-01
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201711-03
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2907
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-17420
Third Party Advisory vendor-advisory
x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
Technical Description, Third Party Advisory x_refsource_misc
https://www.krackattacks.com/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039573
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039576
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/228519
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
Various Sources x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2017-005
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3455-1
Scores
CVSS v3
5.3
EPSS
0.0111
EPSS Percentile
78.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-323
CWE-330
Status
published
Products (48)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.04
debian/debian_linux
8.0
debian/debian_linux
9.0
freebsd/freebsd
freebsd/freebsd
10
freebsd/freebsd
10.4
freebsd/freebsd
11
freebsd/freebsd
11.1
... and 38 more
Published
Oct 17, 2017
Tracked Since
Feb 18, 2026