cve-2017-13079
Vulnerability from cvelistv5
Published
2017-10-17 13:00
Modified
2024-08-05 18:58
Severity ?
EPSS score ?
Summary
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wi-Fi Alliance | Wi-Fi Protected Access (WPA and WPA2) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1039581", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039581" }, { "name": "101274", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101274" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "SUSE-SU-2017:2745", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html" }, { "name": "DSA-3999", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3999" }, { "name": "1039578", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039578" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://access.redhat.com/security/vulnerabilities/kracks" }, { "name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt" }, { "name": "1039577", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039577" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us" }, { "name": "openSUSE-SU-2017:2755", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "GLSA-201711-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-03" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-17420" }, { "name": "FreeBSD-SA-17:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.krackattacks.com/" }, { "name": "1039573", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039573" }, { "name": "SUSE-SU-2017:2752", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html" }, { "name": "1039576", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039576" }, { "name": "1039585", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039585" }, { "name": "VU#228519", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/228519" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-005" }, { "name": "USN-3455-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3455-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wi-Fi Protected Access (WPA and WPA2)", "vendor": "Wi-Fi Alliance", "versions": [ { "status": "affected", "version": "WPA" }, { "status": "affected", "version": "WPA2" } ] } ], "datePublic": "2017-10-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-323", "description": "CWE-323: Reusing a Nonce, Key Pair in Encryption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-13T10:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "1039581", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039581" }, { "name": "101274", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101274" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "SUSE-SU-2017:2745", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html" }, { "name": "DSA-3999", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3999" }, { "name": "1039578", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039578" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://access.redhat.com/security/vulnerabilities/kracks" }, { "name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa" }, { "tags": [ "x_refsource_MISC" ], "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt" }, { "name": "1039577", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039577" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us" }, { "name": "openSUSE-SU-2017:2755", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "GLSA-201711-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-03" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-17420" }, { "name": "FreeBSD-SA-17:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.krackattacks.com/" }, { "name": "1039573", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039573" }, { "name": "SUSE-SU-2017:2752", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html" }, { "name": "1039576", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039576" }, { "name": "1039585", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039585" }, { "name": "VU#228519", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/228519" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-005" }, { "name": "USN-3455-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3455-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2017-13079", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Wi-Fi Protected Access (WPA and WPA2)", "version": { "version_data": [ { "version_value": "WPA" }, { "version_value": "WPA2" } ] } } ] }, "vendor_name": "Wi-Fi Alliance" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-323: Reusing a Nonce, Key Pair in Encryption" } ] } ] }, "references": { "reference_data": [ { "name": "1039581", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039581" }, { "name": "101274", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101274" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "SUSE-SU-2017:2745", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html" }, { "name": "DSA-3999", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3999" }, { "name": "1039578", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039578" }, { "name": "https://access.redhat.com/security/vulnerabilities/kracks", "refsource": "CONFIRM", "url": "https://access.redhat.com/security/vulnerabilities/kracks" }, { "name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa" }, { "name": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt", "refsource": "MISC", "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt" }, { "name": "1039577", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039577" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us" }, { "name": "openSUSE-SU-2017:2755", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html" }, { "name": "https://source.android.com/security/bulletin/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-11-01" }, { "name": "GLSA-201711-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-03" }, { "name": "https://support.lenovo.com/us/en/product_security/LEN-17420", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-17420" }, { "name": "FreeBSD-SA-17:07", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc" }, { "name": "https://www.krackattacks.com/", "refsource": "MISC", "url": "https://www.krackattacks.com/" }, { "name": "1039573", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039573" }, { "name": "SUSE-SU-2017:2752", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html" }, { "name": "1039576", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039576" }, { "name": "1039585", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039585" }, { "name": "VU#228519", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/228519" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2017-005", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2017-005" }, { "name": "USN-3455-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3455-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2017-13079", "datePublished": "2017-10-17T13:00:00", "dateReserved": "2017-08-22T00:00:00", "dateUpdated": "2024-08-05T18:58:12.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-13079\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2017-10-17T13:29:00.367\",\"lastModified\":\"2019-10-03T00:03:26.223\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.\"},{\"lang\":\"es\",\"value\":\"Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11w permite la reinstalaci\u00f3n de la clave temporal IGTK (Integrity Group Temporal Key) durante la negociaci\u00f3n en cuatro pasos, haciendo que un atacante en el rango de radio suplante frames desde los puntos de acceso hasta los clientes.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.9},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":5.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]},{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-323\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"588D4F37-0A56-47A4-B710-4D5F3D214FB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9EC02F3-3905-460D-8949-3B26394215CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4195DB45-CF5A-4FA6-BF58-BAF77EE555C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD5B9266-A927-4F62-8742-721CE9A4C4C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"602D3280-2974-4809-BE70-1EA9437AEBF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5753931-556B-4EEC-B510-751BA3613CE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2095C863-1FB0-4016-81FF-3CAB44E77FD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC7AAFCB-AB64-4B39-87AA-936E386A82C2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6454F0F-6CC1-4EA2-8D7C-51709FD7F318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFCB5512-B60E-48D7-B136-ADF19E5E74BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EB1420D-5D05-4BFC-8AF7-2AB00B76148B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21324D89-B634-4D6B-987B-4AD29079373D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB43314-8725-48A0-8902-864567808AD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AA3D0E-C483-4575-8209-DE643A3FEC7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0DE22EA-D5FA-4477-A3AD-F10455D8DB9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1212B910-E4A5-47A1-A263-4E1C13CF3EFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9A6A99E-5129-4E8D-A0AF-61755BDA3565\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC42F782-63CB-4960-BF65-4856776CFBE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"212B0353-4AEF-4861-A054-6193CAA05390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E702507-5BA0-4A12-80C6-A729F32A6A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24810936-DABC-485D-B952-22F16C3016FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF46881-4484-4ABB-AC0C-152664E2CD6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"880CBDD7-BFEC-48F6-8C4C-D300143B6571\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B29CCA41-5784-48C3-B9ED-6B1FF063FB1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37B9643D-4046-4034-8B68-18F59154CD66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"681C458F-D1BD-48DA-86C7-BA714F5AA9B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4057F722-1A8E-4D75-B049-E3632AC8EF65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1F53FDB-7136-444E-AB03-9D8A6A31E249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63AB46C0-2F00-4805-84A9-323BA4E594DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06119A43-B1CA-4021-87D2-C67BE6125423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"768D16AF-3A8B-47DD-A499-948A73062AE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BECC3EF-2777-4FF9-9750-93D1245A9247\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2D07095-6331-4079-BD86-E414CEE35624\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61CDB3D2-F6C3-43CF-ACE8-95E96DF02293\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CCD4904-08CA-45C7-A3D0-90BE5C88CDBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B4681FC-44F4-4E86-8431-8EDAD65492D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC6FB535-AFFF-4083-AF1D-9E1ED504158F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A74105F9-E729-47BA-A96F-4D15947B673A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F5F7411-0B32-4041-8235-2B1AEC186FF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9191D783-4390-4603-9C4D-F673270E63C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E36F3308-EABA-451F-90E1-65919450A809\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44F6680B-7015-4EB0-AABC-A4DD50894CD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CAFF5E3-EA27-4688-87AD-1648003D3D1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"081B4F7E-D7D0-452A-AAEB-0378EB6E7BC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E00A5B5-81D8-4BF3-B857-028D7D06CA5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"476C3ED0-B77C-490F-AF1E-BC4C7D52D818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B1972B5-F896-419C-9FFA-FB583B114B8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2E84533-EB76-4A8F-90ED-E9342EAF3427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5AE0623-87CB-4CEF-BD3B-6BCF676031CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"905B55A4-2488-44D1-991F-C142C3527F18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDD1984D-BCC2-4FC6-B02E-226B1D8BC6F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90102D17-8D03-4F59-811B-FBFB98D627C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9381F69-1633-44DD-967F-D29587B67079\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9169BDAC-6207-4B6A-8EF3-D52DED1A9311\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FBCD6EA-4E6D-4C6E-97E5-B64F6CB90639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62E17E03-53C6-4E74-91A8-4C4363666291\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4C6FEDE-B0E9-479A-9185-48D62DBC91FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"643762E2-969E-4531-B79E-961697E5DA8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"627AD871-2091-48E9-B801-3E3D5CF8E594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BC691E5-6265-4FAB-9ACA-C65EB99AFA47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4701BF31-B3FC-4590-9787-3BA94ECB8D54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DB96005-E214-4C60-865E-B693115527D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF264-2315-43CE-B2A6-4234B394854C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3EF53AD-F985-446E-89B8-4BFECE00AD63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A11DBFA-9F0E-4358-8541-E5371C11FE80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"738AEB08-FF7D-4DC3-AB14-B8F2B9474810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E8C5523-16E4-417E-A159-F5D0F9E83C5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AE48919-35E0-4C9A-BAEB-A6402FA7BD4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB93C2FC-6913-448E-8B93-EEB2229EC86C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ECA3172-7088-4B5E-923D-37B155729BD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48FD6B1B-7555-449D-9CCB-1487FAEE8098\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9726F4DE-8037-49AD-A092-7EF9D5BF99EC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"57CFAD92-EECD-417D-ADDB-8178C320B204\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1DCD75C-9775-4922-8A44-C4707C640946\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"086BF5C5-255C-4E2E-83D3-A8B83AED6B60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*\",\"matchCriteriaId\":\"91F8AC0A-13B4-4DF0-B40D-8756ACCDB4C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"55C5561F-BE86-4EEA-99D4-8697F8BD9DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*\",\"matchCriteriaId\":\"B2F3699A-38E4-4E9D-9414-411F71D9E371\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07E4AF6E-9BA4-4542-8F9F-6BA723F7A64D\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3999\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/228519\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securityfocus.com/bid/101274\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039573\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039576\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039577\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039578\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039581\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039585\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3455-1\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/vulnerabilities/kracks\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf\",\"source\":\"cret@cert.org\"},{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2017-005\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\",\"source\":\"cret@cert.org\"},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201711-03\",\"source\":\"cret@cert.org\"},{\"url\":\"https://source.android.com/security/bulletin/2017-11-01\",\"source\":\"cret@cert.org\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us\",\"source\":\"cret@cert.org\"},{\"url\":\"https://support.lenovo.com/us/en/product_security/LEN-17420\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.krackattacks.com/\",\"source\":\"cret@cert.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.