First published: Tue Oct 10 2017(Updated: )
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Android | ||
Ubuntu | =14.04 | |
Ubuntu | =16.04 | |
Ubuntu | =17.04 | |
Debian Linux | =8.0 | |
Debian Linux | =9.0 | |
FreeBSD Kernel | ||
FreeBSD Kernel | =10 | |
FreeBSD Kernel | =10.4 | |
FreeBSD Kernel | =11 | |
FreeBSD Kernel | =11.1 | |
SUSE Linux | =42.2 | |
SUSE Linux | =42.3 | |
Red Hat Enterprise Linux Desktop | =7 | |
Red Hat Enterprise Linux Server | =7 | |
hostapd | =0.2.4 | |
hostapd | =0.2.5 | |
hostapd | =0.2.6 | |
hostapd | =0.2.8 | |
hostapd | =0.3.7 | |
hostapd | =0.3.9 | |
hostapd | =0.3.10 | |
hostapd | =0.3.11 | |
hostapd | =0.4.7 | |
hostapd | =0.4.8 | |
hostapd | =0.4.9 | |
hostapd | =0.4.10 | |
hostapd | =0.4.11 | |
hostapd | =0.5.7 | |
hostapd | =0.5.8 | |
hostapd | =0.5.9 | |
hostapd | =0.5.10 | |
hostapd | =0.5.11 | |
hostapd | =0.6.8 | |
hostapd | =0.6.9 | |
hostapd | =0.6.10 | |
hostapd | =0.7.3 | |
hostapd | =1.0 | |
hostapd | =1.1 | |
hostapd | =2.0 | |
hostapd | =2.1 | |
hostapd | =2.2 | |
hostapd | =2.3 | |
hostapd | =2.4 | |
hostapd | =2.5 | |
hostapd | =2.6 | |
wpa_supplicant | =0.2.4 | |
wpa_supplicant | =0.2.5 | |
wpa_supplicant | =0.2.6 | |
wpa_supplicant | =0.2.7 | |
wpa_supplicant | =0.2.8 | |
wpa_supplicant | =0.3.7 | |
wpa_supplicant | =0.3.8 | |
wpa_supplicant | =0.3.9 | |
wpa_supplicant | =0.3.10 | |
wpa_supplicant | =0.3.11 | |
wpa_supplicant | =0.4.7 | |
wpa_supplicant | =0.4.8 | |
wpa_supplicant | =0.4.9 | |
wpa_supplicant | =0.4.10 | |
wpa_supplicant | =0.4.11 | |
wpa_supplicant | =0.5.7 | |
wpa_supplicant | =0.5.8 | |
wpa_supplicant | =0.5.9 | |
wpa_supplicant | =0.5.10 | |
wpa_supplicant | =0.5.11 | |
wpa_supplicant | =0.6.8 | |
wpa_supplicant | =0.6.9 | |
wpa_supplicant | =0.6.10 | |
wpa_supplicant | =0.7.3 | |
wpa_supplicant | =1.0 | |
wpa_supplicant | =1.1 | |
wpa_supplicant | =2.0 | |
wpa_supplicant | =2.1 | |
wpa_supplicant | =2.2 | |
wpa_supplicant | =2.3 | |
wpa_supplicant | =2.4 | |
wpa_supplicant | =2.5 | |
wpa_supplicant | =2.6 | |
SUSE Linux Enterprise Desktop | =12-sp2 | |
SUSE Linux Enterprise Desktop | =12-sp3 | |
SUSE Linux Enterprise Point of Sale | =11-sp3 | |
SUSE Linux Enterprise Server | =11-sp3 | |
SUSE Linux Enterprise Server | =11-sp4 | |
SUSE Linux Enterprise Server | =12 | |
openSUSE OpenStack Cloud | =6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-13087 has a high severity level as it allows attackers to exploit the Group Temporal Key reinstallation during WNM Sleep Mode Response frames.
To fix CVE-2017-13087, users should apply the latest patches provided by their operating system or device vendors that address this vulnerability.
CVE-2017-13087 affects various systems including multiple versions of Android, Ubuntu, Debian, FreeBSD, and OpenSUSE.
No, CVE-2017-13087 requires an attacker to be within radio range to exploit the vulnerability.
Exploiting CVE-2017-13087 could allow attackers to intercept and replay network frames, potentially compromising the confidentiality of the data transmitted.