CVE-2017-13080
Published: 16 October 2017
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
Notes
Author | Note |
---|---|
mdeslaur | related to intel wireless firmware issue CVE-2017-5729 |
Priority
Status
Package | Release | Status |
---|---|---|
linux-firmware Launchpad, Ubuntu, Debian |
artful |
Released
(1.169.1)
|
bionic |
Released
(1.170)
|
|
cosmic |
Released
(1.170)
|
|
disco |
Released
(1.170)
|
|
eoan |
Released
(1.170)
|
|
focal |
Released
(1.170)
|
|
groovy |
Released
(1.170)
|
|
hirsute |
Released
(1.170)
|
|
trusty |
Released
(1.127.24)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(1.157.14)
|
|
zesty |
Released
(1.164.2)
|
|
wpa Launchpad, Ubuntu, Debian |
artful |
Released
(2.4-0ubuntu10)
|
bionic |
Released
(2.4-0ubuntu10)
|
|
cosmic |
Released
(2.4-0ubuntu10)
|
|
disco |
Released
(2.4-0ubuntu10)
|
|
eoan |
Released
(2.4-0ubuntu10)
|
|
focal |
Released
(2.4-0ubuntu10)
|
|
groovy |
Released
(2.4-0ubuntu10)
|
|
hirsute |
Released
(2.4-0ubuntu10)
|
|
trusty |
Released
(2.1-0ubuntu1.5)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(2.4-0ubuntu6.2)
|
|
zesty |
Released
(2.4-0ubuntu9.1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Adjacent |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
References
- https://www.krackattacks.com/
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://ubuntu.com/security/notices/USN-3455-1
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00101.html
- https://ubuntu.com/security/notices/USN-3505-1
- https://www.cve.org/CVERecord?id=CVE-2017-13080
- NVD
- Launchpad
- Debian