CVE-2017-13077 — KRACK: Use of Insufficiently Random Values in WPA2
Severity
6.8MEDIUMNVD
OSV7.5
EPSS
0.8%
top 26.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedOct 17
Latest updateMay 13
Description
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
CVSS vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2
Affected Packages10 packages
Also affects: Freebsd 10, 10.4, 11, 11.1, Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.04
🔴Vulnerability Details
4GHSA▶
GHSA-wxv4-3q58-w3mx: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allow↗2022-05-13
OSV▶
CVE-2017-13077: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allow↗2017-10-17
CVEList▶
CVE-2017-13077: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allow↗2017-10-17
📋Vendor Advisories
13Android▶
CVE-2017-13077: Android Security Bulletin 2017-11-01
CVE: CVE-2017-13077
Severity: HIGH
Type: EoP
Affected AOSP versions: 5↗2017-11-01
💬Community
4Bugzilla▶
CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 wpa_supplicant: various flaws [fedora-all]↗2017-10-16
Bugzilla▶
CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 hostapd: various flaws [fedora-all]↗2017-10-16
Bugzilla
▶