Severity
6.8MEDIUM
EPSS
0.5%
top 33.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 17
Latest updateMay 13
Description
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
CVSS vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2
Affected Packages12 packages
Also affects: Freebsd 10, 10.4, 11, 11.1, Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.04
🔴Vulnerability Details
4GHSA▶
GHSA-9pwc-v5p9-3c37: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowin↗2022-05-13
OSV▶
CVE-2017-13086: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowin↗2017-10-17
CVEList▶
CVE-2017-13086: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowin↗2017-10-17
📋Vendor Advisories
6💬Community
3Bugzilla▶
CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 wpa_supplicant: various flaws [fedora-all]↗2017-10-16
Bugzilla▶
CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 hostapd: various flaws [fedora-all]↗2017-10-16
Bugzilla▶
CVE-2017-13086 wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake↗2017-10-10