Severity
5.3MEDIUM
EPSS
0.5%
top 35.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 17
Latest updateMay 13
Description
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVSS vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6
Affected Packages14 packages
Also affects: Freebsd 10, 10.4, 11, 11.1, Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.04
🔴Vulnerability Details
5📋Vendor Advisories
7Android▶
CVE-2017-13081: Android Security Bulletin 2017-11-01
CVE: CVE-2017-13081
Severity: HIGH
Type: EoP
Affected AOSP versions: 5↗2017-11-01
💬Community
3Bugzilla▶
CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 wpa_supplicant: various flaws [fedora-all]↗2017-10-16
Bugzilla▶
CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 hostapd: various flaws [fedora-all]↗2017-10-16
Bugzilla▶
CVE-2017-13081 wpa_supplicant: Reinstallation of the integrity group key in the group key handshake↗2017-09-14