CVE-2017-13081
First published: Tue Oct 17 2017(Updated: )
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =17.04 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| FreeBSD FreeBSD | ||
| FreeBSD FreeBSD | =10 | |
| FreeBSD FreeBSD | =10.4 | |
| FreeBSD FreeBSD | =11 | |
| FreeBSD FreeBSD | =11.1 | |
| openSUSE | =42.2 | |
| openSUSE | =42.3 | |
| redhat enterprise Linux desktop | =7 | |
| redhat enterprise Linux server | =7 | |
| w1.fi hostapd | =0.2.4 | |
| w1.fi hostapd | =0.2.5 | |
| w1.fi hostapd | =0.2.6 | |
| w1.fi hostapd | =0.2.8 | |
| w1.fi hostapd | =0.3.7 | |
| w1.fi hostapd | =0.3.9 | |
| w1.fi hostapd | =0.3.10 | |
| w1.fi hostapd | =0.3.11 | |
| w1.fi hostapd | =0.4.7 | |
| w1.fi hostapd | =0.4.8 | |
| w1.fi hostapd | =0.4.9 | |
| w1.fi hostapd | =0.4.10 | |
| w1.fi hostapd | =0.4.11 | |
| w1.fi hostapd | =0.5.7 | |
| w1.fi hostapd | =0.5.8 | |
| w1.fi hostapd | =0.5.9 | |
| w1.fi hostapd | =0.5.10 | |
| w1.fi hostapd | =0.5.11 | |
| w1.fi hostapd | =0.6.8 | |
| w1.fi hostapd | =0.6.9 | |
| w1.fi hostapd | =0.6.10 | |
| w1.fi hostapd | =0.7.3 | |
| w1.fi hostapd | =1.0 | |
| w1.fi hostapd | =1.1 | |
| w1.fi hostapd | =2.0 | |
| w1.fi hostapd | =2.1 | |
| w1.fi hostapd | =2.2 | |
| w1.fi hostapd | =2.3 | |
| w1.fi hostapd | =2.4 | |
| w1.fi hostapd | =2.5 | |
| w1.fi hostapd | =2.6 | |
| wpa_supplicant | =0.2.4 | |
| wpa_supplicant | =0.2.5 | |
| wpa_supplicant | =0.2.6 | |
| wpa_supplicant | =0.2.7 | |
| wpa_supplicant | =0.2.8 | |
| wpa_supplicant | =0.3.7 | |
| wpa_supplicant | =0.3.8 | |
| wpa_supplicant | =0.3.9 | |
| wpa_supplicant | =0.3.10 | |
| wpa_supplicant | =0.3.11 | |
| wpa_supplicant | =0.4.7 | |
| wpa_supplicant | =0.4.8 | |
| wpa_supplicant | =0.4.9 | |
| wpa_supplicant | =0.4.10 | |
| wpa_supplicant | =0.4.11 | |
| wpa_supplicant | =0.5.7 | |
| wpa_supplicant | =0.5.8 | |
| wpa_supplicant | =0.5.9 | |
| wpa_supplicant | =0.5.10 | |
| wpa_supplicant | =0.5.11 | |
| wpa_supplicant | =0.6.8 | |
| wpa_supplicant | =0.6.9 | |
| wpa_supplicant | =0.6.10 | |
| wpa_supplicant | =0.7.3 | |
| wpa_supplicant | =1.0 | |
| wpa_supplicant | =1.1 | |
| wpa_supplicant | =2.0 | |
| wpa_supplicant | =2.1 | |
| wpa_supplicant | =2.2 | |
| wpa_supplicant | =2.3 | |
| wpa_supplicant | =2.4 | |
| wpa_supplicant | =2.5 | |
| wpa_supplicant | =2.6 | |
| SUSE Linux Enterprise Desktop with Beagle | =12-sp2 | |
| SUSE Linux Enterprise Desktop with Beagle | =12-sp3 | |
| SUSE Linux Enterprise Point of Sale | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp4 | |
| SUSE Linux Enterprise Server | =12 | |
| openSUSE OpenStack Cloud | =6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com//android.googlesource.com/platform/external/wpa_supplicant_8/+/10bfd644d0adaf334c036f8cda91a73984dbb7b9
- https://source.android.com/docs/security/bulletin/2017-11-01 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- http://www.debian.org/security/2017/dsa-3999
- http://www.kb.cert.org/vuls/id/228519
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securityfocus.com/bid/101274
- http://www.securitytracker.com/id/1039573
- http://www.securitytracker.com/id/1039576
- http://www.securitytracker.com/id/1039577
- http://www.securitytracker.com/id/1039578
- http://www.securitytracker.com/id/1039581
- http://www.securitytracker.com/id/1039585
- http://www.ubuntu.com/usn/USN-3455-1
- https://access.redhat.com/security/vulnerabilities/kracks
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
- https://security.gentoo.org/glsa/201711-03
- https://source.android.com/security/bulletin/2017-11-01
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- https://www.krackattacks.com/
Frequently Asked Questions
What is the severity of CVE-2017-13081?
CVE-2017-13081 has a critical severity rating due to the potential for remote exploitation.
How do I fix CVE-2017-13081?
To fix CVE-2017-13081, you should apply the latest patches provided by your operating system vendor.
Which software is affected by CVE-2017-13081?
CVE-2017-13081 affects various versions of Android, Ubuntu, Debian, FreeBSD, and openSUSE, among others.
Can CVE-2017-13081 be exploited remotely?
Yes, CVE-2017-13081 can be exploited by an attacker within radio range to spoof frames from access points.
What type of vulnerability is CVE-2017-13081?
CVE-2017-13081 is a vulnerability in the Wi-Fi Protected Access (WPA and WPA2) protocols.
- agent/weakness
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-index
- agent/softwarecombine
- vendor/google
- canonical/android
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/17.04
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/10
- version/freebsd freebsd/10.4
- version/freebsd freebsd/11
- version/freebsd freebsd/11.1
- vendor/opensuse
- canonical/opensuse
- version/opensuse/42.2
- version/opensuse/42.3
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7
- vendor/w1.fi
- canonical/w1.fi hostapd
- version/w1.fi hostapd/0.2.4
- version/w1.fi hostapd/0.2.5
- version/w1.fi hostapd/0.2.6
- version/w1.fi hostapd/0.2.8
- version/w1.fi hostapd/0.3.7
- version/w1.fi hostapd/0.3.9
- version/w1.fi hostapd/0.3.10
- version/w1.fi hostapd/0.3.11
- version/w1.fi hostapd/0.4.7
- version/w1.fi hostapd/0.4.8
- version/w1.fi hostapd/0.4.9
- version/w1.fi hostapd/0.4.10
- version/w1.fi hostapd/0.4.11
- version/w1.fi hostapd/0.5.7
- version/w1.fi hostapd/0.5.8
- version/w1.fi hostapd/0.5.9
- version/w1.fi hostapd/0.5.10
- version/w1.fi hostapd/0.5.11
- version/w1.fi hostapd/0.6.8
- version/w1.fi hostapd/0.6.9
- version/w1.fi hostapd/0.6.10
- version/w1.fi hostapd/0.7.3
- version/w1.fi hostapd/1.0
- version/w1.fi hostapd/1.1
- version/w1.fi hostapd/2.0
- version/w1.fi hostapd/2.1
- version/w1.fi hostapd/2.2
- version/w1.fi hostapd/2.3
- version/w1.fi hostapd/2.4
- version/w1.fi hostapd/2.5
- version/w1.fi hostapd/2.6
- canonical/wpa_supplicant
- version/wpa_supplicant/0.2.4
- version/wpa_supplicant/0.2.5
- version/wpa_supplicant/0.2.6
- version/wpa_supplicant/0.2.7
- version/wpa_supplicant/0.2.8
- version/wpa_supplicant/0.3.7
- version/wpa_supplicant/0.3.8
- version/wpa_supplicant/0.3.9
- version/wpa_supplicant/0.3.10
- version/wpa_supplicant/0.3.11
- version/wpa_supplicant/0.4.7
- version/wpa_supplicant/0.4.8
- version/wpa_supplicant/0.4.9
- version/wpa_supplicant/0.4.10
- version/wpa_supplicant/0.4.11
- version/wpa_supplicant/0.5.7
- version/wpa_supplicant/0.5.8
- version/wpa_supplicant/0.5.9
- version/wpa_supplicant/0.5.10
- version/wpa_supplicant/0.5.11
- version/wpa_supplicant/0.6.8
- version/wpa_supplicant/0.6.9
- version/wpa_supplicant/0.6.10
- version/wpa_supplicant/0.7.3
- version/wpa_supplicant/1.0
- version/wpa_supplicant/1.1
- version/wpa_supplicant/2.0
- version/wpa_supplicant/2.1
- version/wpa_supplicant/2.2
- version/wpa_supplicant/2.3
- version/wpa_supplicant/2.4
- version/wpa_supplicant/2.5
- version/wpa_supplicant/2.6
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/12-sp2
- version/suse linux enterprise desktop with beagle/12-sp3
- canonical/suse linux enterprise point of sale
- version/suse linux enterprise point of sale/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp3
- version/suse linux enterprise server/11-sp4
- version/suse linux enterprise server/12
- canonical/opensuse openstack cloud
- version/opensuse openstack cloud/6