CVE-2017-13080 — Reusing a Nonce, Key Pair in Encryption in Alliance Wi-fi Protected Access
Severity
5.3MEDIUMNVD
OSV7.5
EPSS
0.8%
top 25.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedOct 17
Latest updateMay 13
Description
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVSS vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6
Affected Packages11 packages
Also affects: Freebsd 10, 10.4, 11, 11.1, Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.04
🔴Vulnerability Details
7GHSA▶
GHSA-jq36-53qv-7v3m: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker withi↗2022-05-13
OSV▶
CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker withi↗2017-10-17
CVEList▶
CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker withi↗2017-10-17
📋Vendor Advisories
19Apple▶
CVE-2017-13080: macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan↗2018-03-29
💬Community
3Bugzilla▶
CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 wpa_supplicant: various flaws [fedora-all]↗2017-10-16
Bugzilla▶
CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 hostapd: various flaws [fedora-all]↗2017-10-16
Bugzilla▶
CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake↗2017-09-14