Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-13080

Date: October 17, 2017

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

Language: C

Severity Score

Related Resources (49)

https://support.apple.com/HT208334
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://access.redhat.com/security/vulnerabilities/kracks
https://source.android.com/security/bulletin/2017-11-01
https://support.apple.com/HT208219
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
http://www.securityfocus.com/bid/101274
http://www.kb.cert.org/vuls/id/228519
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
http://www.securitytracker.com/id/1039703
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
https://www.krackattacks.com/
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
https://nvd.nist.gov/vuln/detail/CVE-2017-13080
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://access.redhat.com/errata/RHSA-2017:2907
http://www.securitytracker.com/id/1039585
https://support.lenovo.com/us/en/product_security/LEN-17420
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.securitytracker.com/id/1039581
https://support.apple.com/HT208222
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
https://support.apple.com/HT208220
https://support.apple.com/HT208221
http://www.ubuntu.com/usn/USN-3455-1
https://security-tracker.debian.org/tracker/CVE-2017-13080
https://cert.vde.com/en-us/advisories/vde-2017-003
https://support.apple.com/HT208325
https://cert.vde.com/en-us/advisories/vde-2017-005
https://support.apple.com/HT208327
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
https://access.redhat.com/errata/RHSA-2017:2911
https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13080
http://www.securitytracker.com/id/1039577
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
https://security.gentoo.org/glsa/201711-03
http://www.securitytracker.com/id/1039576
http://www.securitytracker.com/id/1039578
http://www.securitytracker.com/id/1039573
http://www.securitytracker.com/id/1039572
http://www.debian.org/security/2017/dsa-3999
https://access.redhat.com/security/cve/CVE-2017-13080
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
https://www.mend.io/vulnerability-database/CVE-2017-13080
https://www.mend.io/resources/blog/top-10-security-vulnerabilities-of-2017

Severity Score

Weakness Type (CWE)

Security Features

CWE-254

Use of Insufficiently Random Values

CWE-330

Reusing a Nonce, Key Pair in Encryption

CWE-323

CVSS v3.1

Base Score:
Attack Vector (AV): ADJACENT_NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): ADJACENT
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us