Severity
5.3MEDIUM
EPSS
0.5%
top 35.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 17
Latest updateMay 13
Description
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVSS vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6
Affected Packages13 packages
Also affects: Freebsd 10, 10.4, 11, 11.1, Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.04
🔴Vulnerability Details
4📋Vendor Advisories
6Android▶
CVE-2017-13079: Android Security Bulletin 2017-11-01
CVE: CVE-2017-13079
Severity: HIGH
Type: EoP
Affected AOSP versions: 5↗2017-11-01
💬Community
3Bugzilla▶
CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 wpa_supplicant: various flaws [fedora-all]↗2017-10-16
Bugzilla▶
CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 hostapd: various flaws [fedora-all]↗2017-10-16
Bugzilla▶
CVE-2017-13079 wpa_supplicant: Reinstallation of the integrity group key in the 4-way handshake↗2017-09-14