Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
{"cve": [{"lastseen": "2023-06-23T14:21:28", "description": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-10-17T02:29:00", "type": "cve", "title": "CVE-2017-13077", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/o:suse:linux_enterprise_point_of_sale:11", 
"cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:redhat:enterprise_linux_server:7", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/a:w1.fi:hostapd:0.5.8", 
"cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/o:suse:linux_enterprise_desktop:12"], "id": "CVE-2017-13077", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", 
"cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2023-05-18T14:22:02", "description": "Latest hostapd release with KRACK patches applied.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-16T00:00:00", "type": "nessus", "title": "Fedora 25 : hostapd (2017-cfb950d8f4) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:hostapd", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-CFB950D8F4.NASL", "href": "https://www.tenable.com/plugins/nessus/104608", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-cfb950d8f4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104608);\n script_version(\"3.7\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13077\");\n script_xref(name:\"FEDORA\", value:\"2017-cfb950d8f4\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 25 : hostapd (2017-cfb950d8f4) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Latest hostapd release with KRACK patches applied.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-cfb950d8f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hostapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"hostapd-2.6-6.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:49", "description": "Latest hostapd release with KRACK patches applied.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much 
as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-16T00:00:00", "type": "nessus", "title": "Fedora 26 : hostapd (2017-45044b6b33) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:hostapd", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-45044B6B33.NASL", "href": "https://www.tenable.com/plugins/nessus/104598", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-45044b6b33.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104598);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-13077\");\n script_xref(name:\"FEDORA\", value:\"2017-45044b6b33\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 26 : hostapd (2017-45044b6b33) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Latest hostapd release with KRACK patches applied.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-45044b6b33\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hostapd package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"hostapd-2.6-6.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:55", "description": "Latest hostapd release with KRACK patches applied.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : hostapd (2017-fc21e3856b) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:hostapd", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-FC21E3856B.NASL", "href": "https://www.tenable.com/plugins/nessus/106016", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-fc21e3856b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106016);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13077\");\n script_xref(name:\"FEDORA\", value:\"2017-fc21e3856b\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 27 : hostapd (2017-fc21e3856b) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Latest hostapd release with KRACK patches applied.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-fc21e3856b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hostapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"hostapd-2.6-6.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:21", "description": "An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.", "cvss3": {}, "published": "2017-10-19T00:00:00", "type": "nessus", "title": "RHEL 6 : wpa_supplicant (RHSA-2017:2911) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13087"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:wpa_supplicant", "p-cpe:/a:redhat:enterprise_linux:wpa_supplicant-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-2911.NASL", "href": "https://www.tenable.com/plugins/nessus/103958", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2911. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103958);\n script_version(\"3.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13087\");\n script_xref(name:\"RHSA\", value:\"2017:2911\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"RHEL 6 : wpa_supplicant (RHSA-2017:2911) (KRACK)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for wpa_supplicant is now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support\nfor WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP\nauthentication methods. They implement key negotiation with a WPA\nAuthenticator for client stations and controls the roaming and IEEE\n802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks\n(KRACK) affecting WPA2 has been discovered. A remote attacker within\nWi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or\npossibly inject forged Wi-Fi packets by manipulating cryptographic\nhandshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078,\nCVE-2017-13080, CVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. 
Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original\nreporter of these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/kracks\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13087\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wpa_supplicant and / or wpa_supplicant-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2911\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"wpa_supplicant-0.7.3-9.el6_9.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"wpa_supplicant-0.7.3-9.el6_9.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"wpa_supplicant-0.7.3-9.el6_9.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"wpa_supplicant-debuginfo-0.7.3-9.el6_9.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"wpa_supplicant-debuginfo-0.7.3-9.el6_9.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"wpa_supplicant-debuginfo-0.7.3-9.el6_9.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant / wpa_supplicant-debuginfo\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:56", 
"description": "Security Fix(es): * A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol.\n(CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)", "cvss3": {}, "published": "2017-10-19T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : wpa_supplicant on SL6.x i386/x86_64 (20171018) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13087"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:wpa_supplicant", "p-cpe:/a:fermilab:scientific_linux:wpa_supplicant-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171018_WPA_SUPPLICANT_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/103959", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103959);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13087\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Scientific Linux Security Update : wpa_supplicant on SL6.x i386/x86_64 (20171018) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es): * A new exploitation technique called 
key\nreinstallation attacks (KRACK) affecting WPA2 has been discovered. A\nremote attacker within Wi-Fi range could exploit these attacks to\ndecrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by\nmanipulating cryptographic handshakes used by the WPA2 protocol.\n(CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1710&L=scientific-linux-errata&F=&S=&P=11600\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?deb4e9e0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wpa_supplicant and / or wpa_supplicant-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"wpa_supplicant-0.7.3-9.el6_9.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"wpa_supplicant-debuginfo-0.7.3-9.el6_9.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant / wpa_supplicant-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:34", "description": "From Red Hat Security Advisory 2017:2911 :\n\nAn update for wpa_supplicant is now available for Red Hat Enterprise Linux 6.\n\nRed 
Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. 
Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.", "cvss3": {}, "published": "2017-10-19T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : wpa_supplicant (ELSA-2017-2911) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13087"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:wpa_supplicant", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2017-2911.NASL", "href": "https://www.tenable.com/plugins/nessus/103955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2911 and \n# Oracle Linux Security Advisory ELSA-2017-2911 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103955);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13087\");\n script_xref(name:\"RHSA\", value:\"2017:2911\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Oracle Linux 6 : wpa_supplicant (ELSA-2017-2911) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2911 :\n\nAn update for wpa_supplicant is now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support\nfor WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP\nauthentication methods. They implement key negotiation with a WPA\nAuthenticator for client stations and controls the roaming and IEEE\n802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks\n(KRACK) affecting WPA2 has been discovered. A remote attacker within\nWi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or\npossibly inject forged Wi-Fi packets by manipulating cryptographic\nhandshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078,\nCVE-2017-13080, CVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original\nreporter of these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007267.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"wpa_supplicant-0.7.3-9.el6_9.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:05", "description": "An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. 
(CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-27T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : wpa_supplicant (VZLSA-2017-2911)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13087"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:wpa_supplicant", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-2911.NASL", "href": "https://www.tenable.com/plugins/nessus/119233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119233);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13080\",\n \"CVE-2017-13087\"\n );\n\n script_name(english:\"Virtuozzo 6 : wpa_supplicant (VZLSA-2017-2911)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for wpa_supplicant is now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support\nfor WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP\nauthentication methods. They implement key negotiation with a WPA\nAuthenticator for client stations and controls the roaming and IEEE\n802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks\n(KRACK) affecting WPA2 has been discovered. A remote attacker within\nWi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or\npossibly inject forged Wi-Fi packets by manipulating cryptographic\nhandshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078,\nCVE-2017-13080, CVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original\nreporter of these issues.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. 
Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-2911.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c4375aa7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:2911\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-0.7.3-9.vl6.2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:19", "description": "An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.", "cvss3": {}, "published": "2017-10-19T00:00:00", "type": "nessus", "title": "CentOS 6 : wpa_supplicant (CESA-2017:2911) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13087"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:wpa_supplicant", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-2911.NASL", "href": "https://www.tenable.com/plugins/nessus/103946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2911 and \n# CentOS Errata and Security Advisory 2017:2911 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103946);\n script_version(\"3.18\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13087\");\n script_xref(name:\"RHSA\", value:\"2017:2911\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"CentOS 6 : wpa_supplicant (CESA-2017:2911) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for wpa_supplicant is now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support\nfor WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP\nauthentication methods. They implement key negotiation with a WPA\nAuthenticator for client stations and controls the roaming and IEEE\n802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks\n(KRACK) affecting WPA2 has been discovered. A remote attacker within\nWi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or\npossibly inject forged Wi-Fi packets by manipulating cryptographic\nhandshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078,\nCVE-2017-13080, CVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. 
Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original\nreporter of these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-October/022570.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bbf71f05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13077\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"wpa_supplicant-0.7.3-9.el6_9.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:39", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has wpa_supplicant packages installed that are affected by multiple vulnerabilities:\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake. (CVE-2017-13087)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake.\n (CVE-2017-13080)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.\n (CVE-2017-13078)\n\n - A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake.\n (CVE-2017-13077)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : wpa_supplicant Multiple Vulnerabilities (NS-SA-2019-0120)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13087"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0120_WPA_SUPPLICANT.NASL", "href": "https://www.tenable.com/plugins/nessus/127365", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0120. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127365);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13080\",\n \"CVE-2017-13087\"\n );\n script_bugtraq_id(101274);\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : wpa_supplicant Multiple Vulnerabilities (NS-SA-2019-0120)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has wpa_supplicant packages installed that are affected by\nmultiple vulnerabilities:\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. 
A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n group key (GTK) during a Wireless Network Management\n (WNM) Sleep Mode handshake. (CVE-2017-13087)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n group key (GTK) during a group key handshake.\n (CVE-2017-13080)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n group key (GTK) during a 4-way handshake.\n (CVE-2017-13078)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACKs) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n pairwise key (PTK-TK) during a 4-way handshake.\n (CVE-2017-13077)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0120\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL wpa_supplicant packages. Note that updated packages may not be available yet. 
Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13077\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"wpa_supplicant-0.7.3-9.el6_9.2\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:21", "description": "The remote host is running FortiOS prior to 5.2, 5.2.x prior to or equal to 5.2.11, 5.4.x prior to or equal 5.4.5, or 5.6.x prior to or equal to 5.6.2. 
It is, therefore, affected by multiple vulnerabilities discovered in the WPA2 handshake protocol.\n\nNote these issues affect only WiFi model devices in 'Wifi Client' mode.", "cvss3": {}, "published": "2017-10-17T00:00:00", "type": "nessus", "title": "Fortinet FortiGate < 5.2 / 5.2.x <= 5.2.11 / 5.4.x <= 5.4.5 / 5.6.x <= 5.6.2 Multiple Vulnerabilities (FG-IR-17-196) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:fortinet:fortios"], "id": "FORTIOS_FG-IR-17-196.NASL", "href": "https://www.tenable.com/plugins/nessus/103873", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103873);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\"\n );\n script_bugtraq_id(99549, 100516, 101274);\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fortinet FortiGate < 5.2 / 5.2.x <= 5.2.11 / 5.4.x <= 5.4.5 / 5.6.x <= 5.6.2 Multiple Vulnerabilities (FG-IR-17-196) (KRACK)\");\n script_summary(english:\"Checks the version of FortiOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running FortiOS prior to 5.2, 5.2.x prior to\nor equal to 5.2.11, 5.4.x prior to or equal 5.4.5, or 5.6.x prior to\nor equal to 5.6.2. 
It is, therefore, affected by multiple\nvulnerabilities discovered in the WPA2 handshake protocol.\n\nNote these issues affect only WiFi model devices in\n'Wifi Client' mode.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://fortiguard.com/psirt/FG-IR-17-196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.krackattacks.com/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Contact vendor for guidance and patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13077\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/17\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fortinet:fortios\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"fortinet_version.nbin\");\n script_require_keys(\"Host/Fortigate/model\", \"Host/Fortigate/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"vcf.inc\");\n\napp_name = \"FortiOS\";\n\nmodel = get_kb_item_or_exit(\"Host/Fortigate/model\");\n\n# Make sure device is FortiWiFi.\nif (!preg(string:model, pattern:\"fortiwifi\", icase:TRUE)) audit(AUDIT_HOST_NOT, \"a FortiGate WiFi model\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp_info = vcf::get_app_info(app:app_name, kb_ver:\"Host/Fortigate/version\");\n\nconstraints = [\n # < 5.2\n { \"min_version\" : \"0.0.0\", \"max_version\" : \"5.2.0\", \"fixed_display\" : \"See Solution.\" },\n # 5.2 x <= 5.2.11\n { \"min_version\" : \"5.2.0\", \"max_version\" : \"5.2.11\", \"fixed_display\" : \"See Solution.\" },\n # 5.4.x <= 5.4.5\n { \"min_version\" : \"5.4.0\", \"max_version\" : \"5.4.5\", \"fixed_display\" : \"See Solution.\" },\n # 5.6.x <= 5.6.2\n { \"min_version\" : \"5.6.0\", \"max_version\" : \"5.6.2\", \"fixed_display\" : \"See Solution.\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-23T05:43:47", "description": "The remote HP LaserJet printer is potentially affected by the following vulnerabilities:\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. (CVE-2017-13077)\n\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. 
(CVE-2017-13078)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. (CVE-2017-13081)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-19T00:00:00", "type": "nessus", "title": "HP LaserJet Printers Multiple Vulnerabilities (HPSBPI03574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081"], "modified": "2023-09-20T00:00:00", "cpe": ["cpe:/h:hp:laserjet"], "id": "HP_LASERJET_HPSBPI03574.NASL", "href": "https://www.tenable.com/plugins/nessus/181598", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(181598);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/20\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\"\n );\n script_xref(name:\"HP\", value:\"HPSBPI03574\");\n\n script_name(english:\"HP LaserJet Printers Multiple Vulnerabilities (HPSBPI03574)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote printer is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote HP LaserJet printer is potentially affected by the following\nvulnerabilities:\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) \n Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, \n decrypt, or spoof frames. 
(CVE-2017-13077)\n\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the \n four-way handshake, allowing an attacker within radio range to replay frames from access points to \n clients. (CVE-2017-13078)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity \n Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to \n spoof frames from access points to clients. (CVE-2017-13081)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.hp.com/us-en/document/c05876244\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the HP LaserJet firmware referenced in the\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13077\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:hp:laserjet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 
2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"hp_laserjet_detect.nasl\");\n script_require_keys(\"www/hp_laserjet\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude('http.inc');\n\nvar port = get_http_port(default:80, dont_break:TRUE, embedded:TRUE);\n # Examples:\nvar product = get_kb_item_or_exit('www/hp_laserjet/'+port+'/pname'); # HP LaserJet Enterprise M506\nvar model = get_kb_item_or_exit('www/hp_laserjet/'+port+'/modelnumber'); # F2A68A\nvar firmware = get_kb_item_or_exit('www/hp_laserjet/'+port+'/fw_rev'); # 2308937_578489\nvar url = get_kb_item_or_exit('www/hp_laserjet/'+port+'/url');\nvar fs_full = get_kb_item('www/hp_laserjet/'+port+'/fw_bundle_ver'); # 3.9.8 or 4.1.2\n\nvar full_product = \"HP LaserJet \" + product + \" Model \" + model;\n\nvar parts = split(firmware, sep:\"_\", keep:FALSE);\nvar firmware_major = parts[0]; \n# Some models have different fixed fw versions depending on the futuresmart version\nvar fs_ver = split(fs_full, sep:\".\", keep:FALSE);\nvar fs = fs_ver[0];\n\nvar serial = get_kb_item('www/hp_laserjet/'+port+'/serial');\nif (empty_or_null(serial)) serial = \"unknown\";\n\nvar vuln = FALSE;\nvar fix;\n\nif (isnull(fs_full)) audit(AUDIT_UNKNOWN_APP_VER, \"FutureSmart\");\n\nif (fs == 3)\n{ \n if (model == \"F2A68A\" ||\n model == \"F2A69A\" ||\n model == \"F2A66A\" ||\n model == \"F2A70A\" ||\n model == \"F2A71A\" ||\n model == \"F2A67A\" || \n model == \"CF081A\" || \n model == \"CF082A\" ||\n model == \"CF083A\" ||\n model == \"B5L23A\" ||\n model == \"B5L24A\" ||\n model == \"B5L25A\" || \n model == \"B5L38A\" || \n model == \"B5L26A\" || \n model == \"B5L39A\" ||\n model == \"C2S11A\" ||\n model == \"C2S11V\" ||\n model == \"C2S11V\" || \n model == \"C2S12V\" || \n model == \"L1H45A\" ||\n model == \"G1W46A\" ||\n model == \"G1W46V\" ||\n model == \"G1W47A\" ||\n model == \"G1W47V\" ||\n model == \"L3U44A\" ||\n model == \"L3U44A\" ||\n model == 
\"CE989A\" ||\n model == \"CE990A\" ||\n model == \"CE991A\" ||\n model == \"CE992A\" ||\n model == \"CE993A\" ||\n model == \"CE994A\" ||\n model == \"CE995A\" || \n model == \"CE996A\" ||\n model == \"E6B67A\" ||\n model == \"E6B68A\" ||\n model == \"E6B69A\" ||\n model == \"E6B70A\" ||\n model == \"E6B71A\" ||\n model == \"E6B72A\" ||\n model == \"E6B73A\" ||\n model == \"CZ255A\" ||\n model == \"CZ256A\" ||\n model == \"CZ257A\" ||\n model == \"CZ258A\" ||\n model == \"H0DC9A\" ||\n model == \"L8Z07A\" ||\n model == \"CF235A\" ||\n model == \"CF236A\" ||\n model == \"CF238A\" ||\n model == \"D3L08A\" ||\n model == \"D3L09A\" ||\n model == \"D3L10A\" ||\n model == \"CZ244A\" ||\n model == \"CZ245A\" ||\n model == \"A2W77A\" ||\n model == \"A2W78A\" ||\n model == \"A2W79A\" ||\n model == \"D7P73A\" ||\n model == \"CF116A\" ||\n model == \"CF117A\" ||\n model == \"CF118A\" ||\n model == \"L3U59A\" ||\n model == \"L3U60A\" ||\n model == \"F2A76A\" ||\n model == \"F2A77A\" ||\n model == \"F2A81A\" ||\n model == \"F2A78V\" ||\n model == \"F2A79A\" ||\n model == \"F2A80A\" ||\n model == \"CD644A\" ||\n model == \"CD645A\" ||\n model == \"CD646A\" ||\n model == \"L3U46A\" ||\n model == \"L3U45A\" ||\n model == \"B5L46A\" ||\n model == \"B5L47A\" ||\n model == \"B5L48A\" ||\n model == \"B5L54A\" ||\n model == \"B5L49A\" ||\n model == \"B5L50A\" ||\n model == \"B5L04A\" ||\n model == \"B5L05A\" ||\n model == \"B5L06A\" ||\n model == \"B5L07A\" ||\n model == \"L3U40A\" ||\n model == \"L3U41A\" ||\n model == \"G1W39A\" ||\n model == \"G1W39V\" ||\n model == \"G1W40A\" ||\n model == \"G1W40V\" ||\n model == \"G1W41A\" ||\n model == \"G1W41V\" ||\n model == \"L3U42A\" ||\n model == \"L3U43A\" ||\n model == \"B3G85A\" ||\n model == \"J7X28A\" ||\n model == \"B3G84A\" ||\n model == \"P7Z47A\" ||\n model == \"B3G86A\" ||\n model == \"L3U61A\" ||\n model == \"L3U62A\" ||\n model == \"P7Z48A\" ||\n model == \"CZ248A\" ||\n model == \"CZ249A\" ||\n model == \"CZ250A\" ||\n model 
== \"CA251A\" ||\n model == \"L3U47A\" ||\n model == \"L3U48A\" ||\n model == \"CF066A\" ||\n model == \"CF067A\" ||\n model == \"CF068A\" ||\n model == \"CF069A\" ||\n model == \"L3U63A\" ||\n model == \"L3U64A\" ||\n model == \"CC522A\" ||\n model == \"CC523A\" ||\n model == \"CC524A\" ||\n model == \"L3U49A\" ||\n model == \"L3U50A\" ||\n model == \"J7Z08A\" ||\n model == \"J7Z14A\" ||\n model == \"Z5G77A\" ||\n model == \"J7Z03A\" ||\n model == \"J7Z07A\" ||\n model == \"J7Z05A\" ||\n model == \"J7Z13A\" ||\n model == \"Z5G79A\" ||\n model == \"CF367A\" ||\n model == \"D7P68A\" ||\n model == \"L3U65A\" ||\n model == \"A2W76A\" ||\n model == \"A2W75A\" ||\n model == \"D7P70A\" ||\n model == \"D7P71A\" ||\n model == \"D7P68A\" ||\n model == \"L3U51A\" ||\n model == \"L3U52A\" ||\n model == \"L3U65A\" ||\n model == \"L2717A\" ||\n model == \"J8030A\" ||\n model == \"J8031A\" ||\n model == \"F9A29A\" ||\n model == \"F9A29B\" ||\n model == \"T5D66A\" ||\n model == \"F9A30A\" ||\n model == \"F9A30B\" ||\n model == \"T5D67A\" ||\n model == \"1JL02A\" ||\n model == \"F9A28A\" ||\n model == \"F9A28B\" ||\n model == \"CQ891A\" ||\n model == \"CQ891B\" ||\n model == \"CQ891C\" ||\n model == \"CQ890A\" ||\n model == \"CQ890B\" ||\n model == \"CQ890C\" ||\n model == \"CQ893A\" ||\n model == \"CQ893B\" ||\n model == \"CQ893C\")\n {\n fix = \"2308937\";\n vuln = TRUE;\n }\n} \n\nelse if (fs == 4)\n{\n if (model == \"E6B73A\" ||\n model == \"J7Z06A\" ||\n model == \"CZ244A\" ||\n model == \"CZ245A\" ||\n model == \"A2W77A\" ||\n model == \"A2W78A\" ||\n model == \"A2W79A\" ||\n model == \"D7P73A\" ||\n model == \"CF116A\" ||\n model == \"CF117A\" ||\n model == \"CF118A\" ||\n model == \"L3U59A\" ||\n model == \"L3U60A\" ||\n model == \"F2A76A\" ||\n model == \"F2A77A\" ||\n model == \"F2A81A\" ||\n model == \"F2A78V\" ||\n model == \"F2A79A\" ||\n model == \"F2A80A\" ||\n model == \"CD644A\" ||\n model == \"CD645A\" ||\n model == \"CD646A\" ||\n model == \"L3U46A\" ||\n model 
== \"L3U45A\" ||\n model == \"B5L46A\" ||\n model == \"B5L47A\" ||\n model == \"B5L48A\" ||\n model == \"B5L54A\" ||\n model == \"B5L49A\" ||\n model == \"B5L50A\" ||\n model == \"B5L04A\" ||\n model == \"B5L05A\" ||\n model == \"B5L06A\" ||\n model == \"B5L07A\" ||\n model == \"L3U40A\" ||\n model == \"L3U41A\" ||\n model == \"G1W39A\" ||\n model == \"G1W39V\" ||\n model == \"G1W40A\" ||\n model == \"G1W40V\" ||\n model == \"G1W41A\" ||\n model == \"G1W41V\" ||\n model == \"L3U42A\" ||\n model == \"L3U43A\" ||\n model == \"B3G85A\" ||\n model == \"J7X28A\" ||\n model == \"B3G84A\" ||\n model == \"P7Z47A\" ||\n model == \"B3G86A\" ||\n model == \"L3U61A\" ||\n model == \"L3U62A\" ||\n model == \"P7Z48A\" ||\n model == \"J8J64A\" ||\n model == \"J8J63A\" ||\n model == \"J8J65A\" ||\n model == \"J8J70A\" ||\n model == \"J8J71A\" ||\n model == \"J8J72A\" ||\n model == \"J8J76A\" ||\n model == \"J8J78A\" ||\n model == \"J8J66A\" ||\n model == \"J8J67A\" ||\n model == \"J8J73A\" ||\n model == \"J8J74A\" ||\n model == \"J8J79A\" ||\n model == \"J8J80A\" ||\n model == \"CZ248A\" ||\n model == \"CZ249A\" ||\n model == \"CZ250A\" ||\n model == \"CA251A\" ||\n model == \"L3U47A\" ||\n model == \"L3U48A\" ||\n model == \"J8A10A\" ||\n model == \"J8A11A\" ||\n model == \"J8A12A\" ||\n model == \"J8A13A\" ||\n model == \"J8A17A\" ||\n model == \"J8A16A\" ||\n model == \"L3U67A\" ||\n model == \"L3U70A\" ||\n model == \"L3U66A\" ||\n model == \"L3U69A\" ||\n model == \"CF066A\" ||\n model == \"CF067A\" ||\n model == \"CF068A\" ||\n model == \"CF069A\" ||\n model == \"L3U63A\" ||\n model == \"L3U64A\" ||\n model == \"CC522A\" ||\n model == \"CC523A\" ||\n model == \"CC524A\" ||\n model == \"L3U49A\" ||\n model == \"L3U50A\" ||\n model == \"J7Z10A\" ||\n model == \"J7Z09A\" ||\n model == \"J7Z11A\" ||\n model == \"J7Z12A\" ||\n model == \"J7Z05A\" ||\n model == \"J7Z08A\" ||\n model == \"J7A13A\" ||\n model == \"J7Z14A\" ||\n model == \"Z5G79A\" ||\n model == \"CF367A\" ||\n model 
== \"D7P68A\" ||\n model == \"L3U65A\" ||\n model == \"A2W76A\" ||\n model == \"A2W75A\" ||\n model == \"D7P70A\" ||\n model == \"D7P71A\" ||\n model == \"D7P68A\" ||\n model == \"L3U51A\" ||\n model == \"L3U52A\" ||\n model == \"L3U65A\" ||\n model == \"X3A69A\" ||\n model == \"X3A68A\" ||\n model == \"Z8Z19A\" ||\n model == \"Z8Z18A\" ||\n model == \"X3A72A\" ||\n model == \"X3A71A\" ||\n model == \"Z8Z21A\" ||\n model == \"Z8Z20A\" ||\n model == \"X3A79A\" ||\n model == \"Z8Z23A\" ||\n model == \"Z8Z22A\" ||\n model == \"X3A75A\" ||\n model == \"X3A74A\" ||\n model == \"X3A59A\" ||\n model == \"X3A60A\" ||\n model == \"Z8Z06A\" ||\n model == \"Z8Z07A\" ||\n model == \"X3A62A\" ||\n model == \"X3A63\" ||\n model == \"Z8Z09A\" ||\n model == \"Z8Z08A\" ||\n model == \"X3A65\" ||\n model == \"X3A66A\" ||\n model == \"Z8Z11A\" ||\n model == \"Z8Z10A\" ||\n model == \"X3A87A\" ||\n model == \"X3A86A\" ||\n model == \"Z8Z12A\" ||\n model == \"Z8Z13A\" ||\n model == \"X3A90A\" ||\n model == \"X3A89A\" ||\n model == \"Z8Z14A\" ||\n model == \"Z8Z15A\" ||\n model == \"X3A92A\" ||\n model == \"X3A93A\" ||\n model == \"Z8Z16A\" ||\n model == \"Z8Z17A\" ||\n model == \"X3A78A\" ||\n model == \"X3A77A\" ||\n model == \"Z8Z00A\" ||\n model == \"Z8Z01A\" ||\n model == \"X3A81A\" ||\n model == \"X3A80A\" ||\n model == \"Z8Z02A\" ||\n model == \"Z8Z03A\" ||\n model == \"X3A84A\" ||\n model == \"X3A83A\" ||\n model == \"Z8Z05A\" ||\n model == \"Z8Z04A\" ||\n model == \"L2762A\")\n {\n fix = \"2405135\";\n vuln = TRUE;\n }\n}\n\nif (!vuln) audit(AUDIT_DEVICE_NOT_VULN, full_product);\n\n# Check firmware revision\n# Only look at the first part of the firmware revision (e.g. 
2307497 of 2307497_543950).\n# The last part of the firmware revision changes for each model\n\nif (ver_compare(ver:firmware_major, fix:fix) == -1)\n{\n report =\n '\\n Product : ' + product +\n '\\n Model : ' + model +\n '\\n Serial number : ' + serial +\n '\\n Source URL : ' + url +\n '\\n Installed version : ' + firmware +\n '\\n Fixed version : ' + fix +\n '\\n';\n\n security_report_v4(extra:report, port:port, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_DEVICE_NOT_VULN, full_product, firmware);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:54", "description": "The version of ArubaOS on the remote device is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.\n\nNote: ArubaOS devices are only vulnerable to CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, and CVE-2017-13081 while operating as a Wi-Fi supplicant in Mesh mode.", "cvss3": {}, "published": "2017-10-16T00:00:00", "type": "nessus", "title": "ArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:arubanetworks:arubaos"], "id": "ARUBAOS_KRACK.NASL", "href": "https://www.tenable.com/plugins/nessus/103855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103855);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\"\n );\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"ArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK)\");\n script_summary(english:\"Checks the 
ArubaOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of ArubaOS is affected by a MitM vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ArubaOS on the remote device is affected by\nmultiple vulnerabilities related to the KRACK attacks. This may\nallow an attacker to decrypt, replay, and forge some frames on \na WPA2 encrypted network.\n\nNote: ArbuaOS devices are only vulnerable to CVE-2017-13077, \nCVE-2017-13078,CVE-2017-13079, CVE-2017-13080, and CVE-2017-13081 \nwhile operating as a Wi-Fi supplicant in Mesh mode.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to 6.3.1.25 / 6.4.4.16 / 6.5.1.9\n / 6.5.3.3 / 6.5.4.2 / 8.1.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/16\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:arubanetworks:arubaos\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"arubaos_detect.nbin\");\n script_require_keys(\"Host/ArubaNetworks/model\", \"Host/ArubaNetworks/ArubaOS/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nmodel = get_kb_item_or_exit(\"Host/ArubaNetworks/model\");\ndisplay_version = get_kb_item_or_exit(\"Host/ArubaNetworks/ArubaOS/version\");\n\nif(report_paranoia < 2) audit(AUDIT_POTENTIAL_VULN, \"ArubaOS\", display_version);\n\n# Version may contain -FIPS at the end, unable to verify\nversion = ereg_replace(pattern:\"-FIPS\", replace:\"\", string:display_version);\nfix = NULL;\n # -- ArubaOS (all versions prior to 6.3.1.25)\n # -- ArubaOS 6.4 prior to 6.4.4.16\n # -- ArubaOS 6.5.0.x\n # -- ArubaOS 6.5.1 prior to 6.5.1.9\n # -- ArubaOS 6.5.2.x\n # -- ArubaOS 6.5.3 prior to 6.5.3.3\n # -- ArubaOS 6.5.4 prior to 6.5.4.2\n # -- ArubaOS 8.x prior to 8.1.0.4\n\nif ( version =~ \"^8\\.\" ) fix = \"8.1.0.4\";\nelse if ( version =~ \"^6\\.5\\.4\" ) fix = \"6.5.4.2\";\nelse if ( version =~ \"^6\\.5\\.[23]\" ) fix = \"6.5.3.3\";\nelse if ( version =~ \"^6\\.5\\.[01]\" ) fix = \"6.5.1.9\";\nelse if ( version =~ \"^6\\.4\" ) fix = \"6.4.4.16\";\nelse fix = \"6.3.1.25\";\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{ \n if (\"FIPS\" >< display_version) fix += \"-FIPS\";\n report =\n '\\n Model : ' + model +\n '\\n Installed version : ' + display_version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);\n}\nelse audit(AUDIT_DEVICE_NOT_VULN, \"The ArubaOS device\", display_version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-05-18T14:19:57", "description": "An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. 
Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.", "cvss3": {}, "published": "2017-10-18T00:00:00", "type": "nessus", "title": "RHEL 7 : wpa_supplicant (RHSA-2017:2907) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:wpa_supplicant", "p-cpe:/a:redhat:enterprise_linux:wpa_supplicant-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-2907.NASL", "href": "https://www.tenable.com/plugins/nessus/103916", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2907. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103916);\n script_version(\"3.22\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"RHSA\", value:\"2017:2907\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"RHEL 7 : wpa_supplicant (RHSA-2017:2907) (KRACK)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for wpa_supplicant is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support\nfor WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP\nauthentication methods. They implement key negotiation with a WPA\nAuthenticator for client stations and controls the roaming and IEEE\n802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks\n(KRACK) affecting WPA2 has been discovered. A remote attacker within\nWi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or\npossibly inject forged Wi-Fi packets by manipulating cryptographic\nhandshakes used by the WPA2 protocol. 
(CVE-2017-13077, CVE-2017-13078,\nCVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,\nCVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original\nreporter of these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/kracks\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13088\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wpa_supplicant and / or wpa_supplicant-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2907\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"wpa_supplicant-2.6-5.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"wpa_supplicant-2.6-5.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"wpa_supplicant-debuginfo-2.6-5.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"wpa_supplicant-debuginfo-2.6-5.el7_4.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant / wpa_supplicant-debuginfo\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:34", "description": "From Red Hat Security Advisory 2017:2907 :\n\nAn update for wpa_supplicant is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. 
Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.", "cvss3": {}, "published": "2017-10-18T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : wpa_supplicant (ELSA-2017-2907) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:wpa_supplicant", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-2907.NASL", "href": "https://www.tenable.com/plugins/nessus/103914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2907 and \n# Oracle Linux Security Advisory ELSA-2017-2907 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103914);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"RHSA\", value:\"2017:2907\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Oracle Linux 7 : wpa_supplicant (ELSA-2017-2907) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2907 :\n\nAn update for wpa_supplicant is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support\nfor WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP\nauthentication methods. They implement key negotiation with a WPA\nAuthenticator for client stations and controls the roaming and IEEE\n802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks\n(KRACK) affecting WPA2 has been discovered. A remote attacker within\nWi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or\npossibly inject forged Wi-Fi packets by manipulating cryptographic\nhandshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078,\nCVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,\nCVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. 
Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original\nreporter of these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007266.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"wpa_supplicant-2.6-5.el7_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:30", "description": "An update for wpa_supplicant is now available for Red Hat Enterprise 
Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-16T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : wpa_supplicant (VZLSA-2017-2907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:wpa_supplicant", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-2907.NASL", "href": "https://www.tenable.com/plugins/nessus/104581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104581);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13080\",\n \"CVE-2017-13082\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\"\n );\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Virtuozzo 7 : wpa_supplicant (VZLSA-2017-2907)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for wpa_supplicant is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support\nfor WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP\nauthentication methods. They implement key negotiation with a WPA\nAuthenticator for client stations and controls the roaming and IEEE\n802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks\n(KRACK) affecting WPA2 has been discovered. A remote attacker within\nWi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or\npossibly inject forged Wi-Fi packets by manipulating cryptographic\nhandshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078,\nCVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,\nCVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original\nreporter of these issues.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. 
Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-2907.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?12ab0007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:2907\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.vl7.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:41", "description": "An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. 
Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.", "cvss3": {}, "published": "2017-10-18T00:00:00", "type": "nessus", "title": "CentOS 7 : wpa_supplicant (CESA-2017:2907) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:wpa_supplicant", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-2907.NASL", "href": "https://www.tenable.com/plugins/nessus/103881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2907 and \n# CentOS Errata and Security Advisory 2017:2907 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103881);\n script_version(\"3.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"RHSA\", value:\"2017:2907\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"CentOS 7 : wpa_supplicant (CESA-2017:2907) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for wpa_supplicant is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support\nfor WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP\nauthentication methods. They implement key negotiation with a WPA\nAuthenticator for client stations and controls the roaming and IEEE\n802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es) :\n\n* A new exploitation technique called key reinstallation attacks\n(KRACK) affecting WPA2 has been discovered. A remote attacker within\nWi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or\npossibly inject forged Wi-Fi packets by manipulating cryptographic\nhandshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078,\nCVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,\nCVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. 
Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original\nreporter of these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-October/022569.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d16ffdb7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13082\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"wpa_supplicant-2.6-5.el7_4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:58", "description": "Security Fix(es) :\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. 
(CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)", "cvss3": {}, "published": "2017-10-19T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : wpa_supplicant on SL7.x x86_64 (20171018) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:wpa_supplicant", "p-cpe:/a:fermilab:scientific_linux:wpa_supplicant-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171018_WPA_SUPPLICANT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/103960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103960);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Scientific Linux Security Update : wpa_supplicant on SL7.x x86_64 (20171018) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. 
A\n remote attacker within Wi-Fi range could exploit these\n attacks to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by manipulating cryptographic\n handshakes used by the WPA2 protocol. (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13080, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1710&L=scientific-linux-errata&F=&S=&P=11151\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f741da50\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected wpa_supplicant and / or wpa_supplicant-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"wpa_supplicant-2.6-5.el7_4.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"wpa_supplicant-debuginfo-2.6-5.el7_4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant / wpa_supplicant-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:41", "description": "Fix the for the Key Reinstallation 
Attacks ==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-10-18T00:00:00", "type": "nessus", "title": "Fedora 26 : 1:wpa_supplicant (2017-60bfb576b7) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-60BFB576B7.NASL", "href": "https://www.tenable.com/plugins/nessus/103896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-60bfb576b7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103896);\n script_version(\"3.12\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"FEDORA\", value:\"2017-60bfb576b7\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 26 : 1:wpa_supplicant (2017-60bfb576b7) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-60bfb576b7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.krackattacks.com/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wpa_supplicant-2.6-11.fc26\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:17:07", "description": "Several vulnerabilities have been discovered in the firmware for Broadcom BCM43xx wifi chips that may lead to a privilege escalation or loss of confidentiality.\n\nCVE-2016-0801\n\nBroadgate Team discovered flaws in packet processing in the Broadcom wifi firmware and proprietary drivers that could lead to remote code execution. However, this vulnerability is not believed to affect the drivers used in Debian.\n\nCVE-2017-0561\n\nGal Beniamini of Project Zero discovered a flaw in the TDLS implementation in Broadcom wifi firmware. This could be exploited by an attacker on the same WPA2 network to execute code on the wifi microcontroller.\n\nCVE-2017-9417 / #869639\n\nNitay Artenstein of Exodus Intelligence discovered a flaw in the WMM implementation in Broadcom wifi firmware. 
This could be exploited by a nearby attacker to execute code on the wifi microcontroller.\n\nCVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081\n\nMathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol used for authentication in wireless networks, dubbed 'KRACK'.\n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2.\n\nThese vulnerabilities are only being fixed for certain Broadcom wifi chips, and might still be present in firmware for other wifi hardware.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 20161130-4~deb8u1. This version also adds new firmware and packages for use with Linux 4.9, and re-adds firmware-{adi,ralink} as transitional packages.\n\nWe recommend that you upgrade your firmware-nonfree packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-13T00:00:00", "type": "nessus", "title": "Debian DLA-1573-1 : firmware-nonfree security update (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0801", "CVE-2017-0561", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-9417"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firmware-adi", "p-cpe:/a:debian:debian_linux:firmware-amd-graphics", "p-cpe:/a:debian:debian_linux:firmware-atheros", "p-cpe:/a:debian:debian_linux:firmware-bnx2", "p-cpe:/a:debian:debian_linux:firmware-bnx2x", "p-cpe:/a:debian:debian_linux:firmware-brcm80211", "p-cpe:/a:debian:debian_linux:firmware-cavium", "p-cpe:/a:debian:debian_linux:firmware-intel-sound", "p-cpe:/a:debian:debian_linux:firmware-intelwimax", "p-cpe:/a:debian:debian_linux:firmware-ipw2x00", "p-cpe:/a:debian:debian_linux:firmware-ivtv", "p-cpe:/a:debian:debian_linux:firmware-iwlwifi", "p-cpe:/a:debian:debian_linux:firmware-libertas", "p-cpe:/a:debian:debian_linux:firmware-linux", "p-cpe:/a:debian:debian_linux:firmware-linux-nonfree", "p-cpe:/a:debian:debian_linux:firmware-misc-nonfree", "p-cpe:/a:debian:debian_linux:firmware-myricom", "p-cpe:/a:debian:debian_linux:firmware-netxen", "p-cpe:/a:debian:debian_linux:firmware-qlogic", "p-cpe:/a:debian:debian_linux:firmware-ralink", "p-cpe:/a:debian:debian_linux:firmware-realtek", "p-cpe:/a:debian:debian_linux:firmware-samsung", "p-cpe:/a:debian:debian_linux:firmware-siano", "p-cpe:/a:debian:debian_linux:firmware-ti-connectivity", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1573.NASL", "href": "https://www.tenable.com/plugins/nessus/118888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory 
DLA-1573-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118888);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0801\", \"CVE-2017-0561\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-9417\");\n\n script_name(english:\"Debian DLA-1573-1 : firmware-nonfree security update (KRACK)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the firmware for\nBroadcom BCM43xx wifi chips that may lead to a privilege escalation or\nloss of confidentiality.\n\nCVE-2016-0801\n\nBroadgate Team discovered flaws in packet processing in the Broadcom\nwifi firmware and proprietary drivers that could lead to remote code\nexecution. However, this vulnerability is not believed to affect the\ndrivers used in Debian.\n\nCVE-2017-0561\n\nGal Beniamini of Project Zero discovered a flaw in the TDLS\nimplementation in Broadcom wifi firmware. This could be exploited by\nan attacker on the same WPA2 network to execute code on the wifi\nmicrocontroller.\n\nCVE-2017-9417 / #869639\n\nNitay Artenstein of Exodus Intelligence discovered a flaw in the WMM\nimplementation in Broadcom wifi firmware. 
This could be exploited by a\nnearby attacker to execute code on the wifi microcontroller.\n\nCVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,\nCVE-2017-13081\n\nMathy Vanhoef of the imec-DistriNet research group of KU Leuven\ndiscovered multiple vulnerabilities in the WPA protocol used for\nauthentication in wireless networks, dubbed 'KRACK'.\n\nAn attacker exploiting the vulnerabilities could force the\nvulnerable system to reuse cryptographic session keys,\nenabling a range of cryptographic attacks against the\nciphers used in WPA1 and WPA2.\n\nThese vulnerabilities are only being fixed for certain\nBroadcom wifi chips, and might still be present in firmware\nfor other wifi hardware.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n20161130-4~deb8u1. This version also adds new firmware and packages\nfor use with Linux 4.9, and re-adds firmware-{adi,ralink} as\ntransitional packages.\n\nWe recommend that you upgrade your firmware-nonfree packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/firmware-nonfree\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-adi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-amd-graphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-atheros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-bnx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-bnx2x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-brcm80211\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-cavium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-intel-sound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-intelwimax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-ipw2x00\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-ivtv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-iwlwifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-libertas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-linux-nonfree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-misc-nonfree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-myricom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-netxen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-qlogic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-ralink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-realtek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-samsung\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-siano\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-ti-connectivity\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"firmware-adi\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-amd-graphics\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-atheros\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-bnx2\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-bnx2x\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-brcm80211\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-cavium\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-intel-sound\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-intelwimax\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-ipw2x00\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-ivtv\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-iwlwifi\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-libertas\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-linux\", 
reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-linux-nonfree\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-misc-nonfree\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-myricom\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-netxen\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-qlogic\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-ralink\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-realtek\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-samsung\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-siano\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-ti-connectivity\", reference:\"20161130-4~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:10", "description": "Fix for the Key Reinstallation Attacks ==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending request\n\n - FT: Do not allow multiple Reassociation 
Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-10-18T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:wpa_supplicant (2017-12e76e8364) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-12E76E8364.NASL", "href": "https://www.tenable.com/plugins/nessus/103884", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-12e76e8364.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103884);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"FEDORA\", value:\"2017-12e76e8364\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 25 : 1:wpa_supplicant (2017-12e76e8364) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-12e76e8364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.krackattacks.com/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"wpa_supplicant-2.6-3.fc25.1\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:09", "description": "Fix for the Key Reinstallation Attacks ==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-01-15T00:00:00", 
"type": "nessus", "title": "Fedora 27 : 1:wpa_supplicant (2017-f45e844a85) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-F45E844A85.NASL", "href": "https://www.tenable.com/plugins/nessus/106004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f45e844a85.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106004);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"FEDORA\", value:\"2017-f45e844a85\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 27 : 1:wpa_supplicant (2017-f45e844a85) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, 
CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f45e844a85\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.krackattacks.com/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"wpa_supplicant-2.6-11.fc27\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:33", "description": "Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. 
Those vulnerabilities apply to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).\n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2. \n\nMore information can be found in the researchers' paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2.\n\n - CVE-2017-13077 :\n reinstallation of the pairwise key in the Four-way handshake\n\n - CVE-2017-13078 :\n reinstallation of the group key in the Four-way handshake\n\n - CVE-2017-13079 :\n reinstallation of the integrity group key in the Four-way handshake\n\n - CVE-2017-13080 :\n reinstallation of the group key in the Group Key handshake\n\n - CVE-2017-13081 :\n reinstallation of the integrity group key in the Group Key handshake\n\n - CVE-2017-13082 :\n accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it\n\n - CVE-2017-13086 :\n reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake\n\n - CVE-2017-13087 :\n reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame\n\n - CVE-2017-13088 :\n reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame", "cvss3": {}, "published": "2017-10-17T00:00:00", "type": "nessus", "title": "Debian DSA-3999-1 : wpa - security update (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wpa", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3999.NASL", "href": 
"https://www.tenable.com/plugins/nessus/103859", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3999. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103859);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"DSA\", value:\"3999\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Debian DSA-3999-1 : wpa - security update (KRACK)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mathy Vanhoef of the imec-DistriNet research group of KU Leuven\ndiscovered multiple vulnerabilities in the WPA protocol, used for\nauthentication in wireless networks. Those vulnerabilities apply to\nboth the access point (implemented in hostapd) and the station\n(implemented in wpa_supplicant).\n\nAn attacker exploiting the vulnerabilities could force the vulnerable\nsystem to reuse cryptographic session keys, enabling a range of\ncryptographic attacks against the ciphers used in WPA1 and WPA2. 
\n\nMore information can be found in the researchers's paper, Key\nReinstallation Attacks: Forcing Nonce Reuse in WPA2.\n\n - CVE-2017-13077 :\n reinstallation of the pairwise key in the Four-way\n handshake\n\n - CVE-2017-13078 :\n reinstallation of the group key in the Four-way\n handshake\n\n - CVE-2017-13079 :\n reinstallation of the integrity group key in the\n Four-way handshake\n\n - CVE-2017-13080 :\n reinstallation of the group key in the Group Key\n handshake\n\n - CVE-2017-13081 :\n reinstallation of the integrity group key in the Group\n Key handshake\n\n - CVE-2017-13082 :\n accepting a retransmitted Fast BSS Transition\n Reassociation Request and reinstalling the pairwise key\n while processing it\n\n - CVE-2017-13086 :\n reinstallation of the Tunneled Direct-Link Setup (TDLS)\n PeerKey (TPK) key in the TDLS handshake\n\n - CVE-2017-13087 :\n reinstallation of the group key (GTK) when processing a\n Wireless Network Management (WNM) Sleep Mode Response\n frame\n\n - CVE-2017-13088 :\n reinstallation of the integrity group key (IGTK) when\n processing a Wireless Network Management (WNM) Sleep\n Mode Response frame\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.krackattacks.com/#paper\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2017-13082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3999\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wpa packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 2.3-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2:2.4-1+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpa\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"hostapd\", reference:\"2.3-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wpagui\", reference:\"2.3-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wpasupplicant\", reference:\"2.3-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wpasupplicant-udeb\", reference:\"2.3-1+deb8u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"hostapd\", reference:\"2:2.4-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpagui\", reference:\"2:2.4-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpasupplicant\", reference:\"2:2.4-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpasupplicant-udeb\", reference:\"2:2.4-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:31", "description": "According to the versions of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2017-1242)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1242.NASL", "href": "https://www.tenable.com/plugins/nessus/104577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104577);\n script_version(\"3.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n 
\"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2017-1242)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the wpa_supplicant package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit these\n attacks to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by manipulating cryptographic\n handshakes used by the WPA2 protocol. (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13080, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1242\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bd673af0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.1.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:10", "description": "According to the versions of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected 
by the following vulnerabilities :\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : wpa_supplicant (EulerOS-SA-2017-1241)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1241.NASL", "href": "https://www.tenable.com/plugins/nessus/104576", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104576);\n script_version(\"3.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : wpa_supplicant (EulerOS-SA-2017-1241)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the wpa_supplicant package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. 
A\n remote attacker within Wi-Fi range could exploit these\n attacks to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by manipulating cryptographic\n handshakes used by the WPA2 protocol. (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13080, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1241\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef8e7664\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.1.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-23T02:32:20", "description": "According to the versions of the wpa_supplicant package installed, the EulerOS Virtualization for ARM 64 installation on the 
remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.(CVE-2018-14526)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests.(CVE-2017-13082)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake.(CVE-2017-13080)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake.(CVE-2017-13086)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.(CVE-2017-13078)\n\n - A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake.(CVE-2017-13077)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13088)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13087)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1414)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1414.NASL", "href": "https://www.tenable.com/plugins/nessus/124917", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124917);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\",\n \"CVE-2018-14526\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1414)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple 
security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the wpa_supplicant package installed,\nthe EulerOS Virtualization for ARM 64 installation on the remote host\nis affected by the following vulnerabilities :\n\n - An issue was discovered in rsn_supp/wpa.c in\n wpa_supplicant 2.0 through 2.6. Under certain\n conditions, the integrity of EAPOL-Key messages is not\n checked, leading to a decryption oracle. An attacker\n within range of the Access Point and client can abuse\n the vulnerability to recover sensitive\n information.(CVE-2018-14526)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n pairwise key (PTK-TK) by retransmitting Fast BSS\n Transition (FT) Reassociation Requests.(CVE-2017-13082)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n group key (GTK) during a group key\n handshake.(CVE-2017-13080)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. 
A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key\n during a TDLS handshake.(CVE-2017-13086)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n group key (GTK) during a 4-way\n handshake.(CVE-2017-13078)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACKs) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n pairwise key (PTK-TK) during a 4-way\n handshake.(CVE-2017-13077)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n integrity group key (IGTK) during a Wireless Network\n Management (WNM) Sleep Mode handshake.(CVE-2017-13088)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. 
A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n group key (GTK) during a Wireless Network Management\n (WNM) Sleep Mode handshake.(CVE-2017-13087)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1414\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a63927e7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-9.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-18T14:19:55", "description": "wpa_supplicant developers report :\n\nA vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys.", "cvss3": {}, "published": "2017-10-17T00:00:00", "type": "nessus", "title": "FreeBSD : WPA packet number reuse with replayed messages and key reinstallation 
(d670a953-b2a1-11e7-a633-009c02a2ab30) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:hostapd", "p-cpe:/a:freebsd:freebsd:wpa_supplicant", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_D670A953B2A111E7A633009C02A2AB30.NASL", "href": "https://www.tenable.com/plugins/nessus/103862", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103862);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13084\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"FreeBSD : WPA packet number reuse with replayed messages and key reinstallation (d670a953-b2a1-11e7-a633-009c02a2ab30) (KRACK)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"wpa_supplicant developers report :\n\nA vulnerability was found in how a number of implementations can be\ntriggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by\nreplaying a specific frame that is used to manage the keys.\"\n );\n # http://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a90b9925\"\n );\n # https://www.kb.cert.org/vuls/id/228519\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.kb.cert.org/vuls/id/228519/\"\n );\n # https://vuxml.freebsd.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69b3eb0f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"wpa_supplicant<=2.6_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"hostapd<=2.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:19", "description": "The version of Juniper Junos OS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks.\nThis may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.\n\nNote that Juniper's products do not support Fast BSS Transition Reassociation and PeerKey Handshake so are Not Vulnerable to CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, or CVE-2017-13088.", "cvss3": {}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "Junos OS 12.1X46 SRX 210, 240, 650 series firewalls (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2020-06-09T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA10827_KRACK.NASL", "href": "https://www.tenable.com/plugins/nessus/105653", "sourceData": 
"#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105653);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/09\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\"\n );\n script_bugtraq_id(101274);\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Junos OS 12.1X46 SRX 210, 240, 650 series firewalls (KRACK)\");\n script_summary(english:\"Checks Junos OS version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The device is vulnerable to key reinstallation attacks (KRACK).\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Juniper Junos OS installed on the remote host\nis affected by multiple vulnerabilities related to the KRACK attacks.\nThis may allow an attacker to decrypt, replay, and forge some frames\non a WPA2 encrypted network.\n\nNote that Juniper's products do not support Fast BSS Transition\nReassociation and PeerKey Handshake so are Not Vulnerable to\nCVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087,\nor CVE-2017-13088.\");\n # https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10827&pmv=print&actp=RSS&searchid=&type=currentpaging\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a379f4f4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Disable all Wi-Fi configurations and set all ports with AX411\nAccess Points down. 
Refer to vendor advisory for solution and\nmitigation options.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13077\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nmodel = get_kb_item_or_exit('Host/Juniper/model');\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n\n#Affects SRX 210, 240, 650 Series\ncheck_model(model:model, flags:SRX_SERIES, exit_on_fail:TRUE);\n\nport = 0;\n\nver_regex = \"^12\\.1X46.*\";\nmodel_regex = \".*SRX(210|240|650)$\";\n\nif (ver =~ ver_regex && model =~ model_regex)\n{\n report =\n '\\n Installed version : '+ver+\n '\\n Fixed version : '+ \"N/A. Refer to Vendor for mitigation options.\" +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse\n audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-23T02:32:19", "description": "According to the versions of the wpa_supplicant package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081)\n\n - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. 
An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.(CVE-2018-14526)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13088)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake.(CVE-2017-13080)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13087)\n\n - A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake.(CVE-2017-13077)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.(CVE-2017-13078)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests.(CVE-2017-13082)\n\n - A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake.(CVE-2017-13086)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1422)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1422.NASL", "href": "https://www.tenable.com/plugins/nessus/124925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124925);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\",\n \"CVE-2018-14526\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : wpa_supplicant (EulerOS-SA-2019-1422)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the wpa_supplicant package installed,\nthe EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, 
allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\n - An issue was discovered in rsn_supp/wpa.c in\n wpa_supplicant 2.0 through 2.6. Under certain\n conditions, the integrity of EAPOL-Key messages is not\n checked, leading to a decryption oracle. An attacker\n within range of the Access Point and client can abuse\n the vulnerability to recover sensitive\n information.(CVE-2018-14526)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n integrity group key (IGTK) during a Wireless Network\n Management (WNM) Sleep Mode handshake.(CVE-2017-13088)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n group key (GTK) during a group key\n handshake.(CVE-2017-13080)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n group key (GTK) during a Wireless Network Management\n (WNM) Sleep Mode handshake.(CVE-2017-13087)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACKs) affecting WPA2 has been discovered. 
A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n pairwise key (PTK-TK) during a 4-way\n handshake.(CVE-2017-13077)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n group key (GTK) during a 4-way\n handshake.(CVE-2017-13078)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n pairwise key (PTK-TK) by retransmitting Fast BSS\n Transition (FT) Reassociation Requests.(CVE-2017-13082)\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit this\n attack to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by reinstalling a previously used\n Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key\n during a TDLS handshake.(CVE-2017-13086)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1422\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ef484b6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-9.h1.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-18T14:19:54", "description": "According to its self-reported version, the Cisco ASA with FirePOWER Services is affected by multiple vulnerabilities related to the KRACK attack. 
Please see the included Cisco BIDs and the Cisco Security Advisory for more information.", "cvss3": {}, "published": "2017-10-16T00:00:00", "type": "nessus", "title": "Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2019-12-20T00:00:00", "cpe": ["cpe:/a:cisco:firepower", "cpe:/a:cisco:firepower_threat_defense"], "id": "CISCO-SA-20171016-WPA-ASA_WITH_FIREPOWER_SERVICES.NASL", "href": "https://www.tenable.com/plugins/nessus/103856", "sourceData": "#TRUSTED 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\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103856);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/12/20\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\",\n \"CVE-2017-13084\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\"\n );\n script_bugtraq_id(101274);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvg10793\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvg10793\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvg10793\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvg10793\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvg10793\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvg10793\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvg10793\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvg10793\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvg10793\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvg10793\");\n script_xref(name:\"CISCO-SA\", 
value:\"cisco-sa-20171016-wpa\");\n\n script_name(english:\"Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK)\");\n script_summary(english:\"Checks the Cisco ASA with FirePOWER Services version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Cisco ASA with FirePOWER\nServices is affected by multiple vulnerabilities related to the KRACK\nattack. Please see the included Cisco BIDs and the Cisco Security\nAdvisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?deb024bb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg10793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg10793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg10793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg10793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg10793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg10793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg10793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg10793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg10793\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg10793\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)\n CSCvg10793 CSCvg10793 CSCvg10793 CSCvg10793 CSCvg10793 CSCvg10793 CSCvg10793 CSCvg10793 CSCvg10793 CSCvg10793.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:firepower\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:firepower_threat_defense\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_keys(\"Host/Cisco/ASA\", \"Host/Cisco/ASA/model\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"ccf.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"global_settings.inc\");\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n\nshow_ver = get_kb_item_or_exit('Host/Cisco/show_ver');\nmodel = get_kb_item_or_exit('Host/Cisco/ASA/model');\n\n# Affected Models:\n# 5500-X Series\nif (\n model !~ '^5506W-X'\n ) audit(AUDIT_HOST_NOT, \"an affected Cisco ASA product model\");\n\nversion = pregmatch(string:show_ver, pattern:\"\\s*Model\\s*:\\s+Cisco.*Threat\\s+Defense.*Version\\s+([0-9.]+)\");\nif (isnull(version)) audit(AUDIT_HOST_NOT, \"affected\");\n\nversion = version[1];\n\nreporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_WARNING,\n 'version' , version,\n 'bug_id' , \"CSCvg10793, CSCvg10793, CSCvg10793, CSCvg10793, CSCvg10793, CSCvg10793, CSCvg10793, CSCvg10793, CSCvg10793, CSCvg10793\"\n);\n\nif(ver_compare(fix:\"8.3.130.0\", ver:version, strict:FALSE) < 0)\n{\n cisco::security_report_cisco_v2(reporting:reporting);\n}\nelse\n{\n audit(AUDIT_HOST_NOT, \"affected\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:21", "description": "New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.", "cvss3": {}, "published": "2017-10-19T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:wpa_supplicant", "cpe:/o:slackware:slackware_linux", 
"cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-291-02.NASL", "href": "https://www.tenable.com/plugins/nessus/103944", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-291-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103944);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13084\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"SSA\", value:\"2017-291-02\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New wpa_supplicant packages are available for Slackware 14.0, 14.1,\n14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.592891\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8d91289\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"i486\", 
pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"i586\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:29", "description": "The remote host is affected by the vulnerability described in GLSA-201711-03 (hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks)\n\n WiFi Protected Access (WPA and WPA2) and it’s associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details.\n Impact :\n\n An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. 
HTTP/HTTPS), inject malware, or perform a myriad of other attacks.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2017-11-13T00:00:00", "type": "nessus", "title": "GLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:hostapd", "p-cpe:/a:gentoo:linux:wpa_supplicant", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201711-03.NASL", "href": "https://www.tenable.com/plugins/nessus/104511", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201711-03.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104511);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13084\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"GLSA\", value:\"201711-03\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"GLSA-201711-03 : hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks (KRACK)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201711-03\n(hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks)\n\n WiFi Protected Access (WPA and WPA2) and it’s associated technologies\n are all vulnerable to the KRACK attacks. Please review the referenced CVE\n identifiers for details.\n \nImpact :\n\n An attacker can carry out the KRACK attacks on a wireless network in\n order to gain access to network clients. Once achieved, the attacker can\n potentially harvest confidential information (e.g. 
HTTP/HTTPS), inject\n malware, or perform a myriad of other attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.krackattacks.com/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201711-03\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All hostapd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-wireless/hostapd-2.6-r1'\n All wpa_supplicant users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=net-wireless/wpa_supplicant-2.6-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-wireless/hostapd\", unaffected:make_list(\"ge 2.6-r1\"), vulnerable:make_list(\"lt 2.6-r1\"))) flag++;\nif (qpkg_check(package:\"net-wireless/wpa_supplicant\", unaffected:make_list(\"ge 2.6-r3\"), vulnerable:make_list(\"lt 2.6-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd and wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:50", "description": "The version of Juniper ScreenOS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks.\nThis may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.\n\nNote that Juniper's products do not support Fast BSS Transition Reassociation and PeerKey Handshake so are Not Vulnerable to CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, or CVE-2017-13088.", "cvss3": {}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "Juniper ScreenOS 6.3 SSG-5 and SSG-20 (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", 
"CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/o:juniper:screenos"], "id": "SCREENOS_JSA10827_KRACK.NASL", "href": "https://www.tenable.com/plugins/nessus/105654", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105654);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\"\n );\n script_bugtraq_id(101274);\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Juniper ScreenOS 6.3 SSG-5 and SSG-20 (KRACK)\");\n script_summary(english:\"Checks ScreenOS version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The device is vulnerable to key reinstallation attacks (KRACK).\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Juniper ScreenOS installed on the remote host\nis affected by multiple vulnerabilities related to the KRACK attacks.\nThis may allow an attacker to decrypt, replay, and forge some frames\non a WPA2 encrypted network.\n\nNote that Juniper's products do not support Fast BSS Transition\nReassociation and PeerKey Handshake so are Not Vulnerable to\nCVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087,\nor CVE-2017-13088.\");\n # https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10827&pmv=print&actp=RSS&searchid=&type=currentpaging\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a379f4f4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Disable all Wi-Fi configurations and refer to the vendor\nadvisory for further solution and mitigation options.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13077\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:screenos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"screenos_version.nbin\");\n script_require_keys(\"Host/Juniper/ScreenOS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/ScreenOS/Version');\nport = 0;\n\nif (ver =~ \"^6\\.3\")\n{\n report =\n '\\n Installed version : '+ver+\n '\\n Fixed version : '+ \"N/A. 
Refer to Vendor for mitigation options.\" +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse\n audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:03", "description": "A vulnerability was found in how WPA code can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.\n\nThose issues are commonly known under the 'KRACK' appelation.\nAccording to US-CERT, 'the impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others.'\n\nCVE-2017-13077\n\nReinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.\n\nCVE-2017-13078\n\nReinstallation of the group key (GTK) in the 4-way handshake.\n\nCVE-2017-13079\n\nReinstallation of the integrity group key (IGTK) in the 4-way handshake.\n\nCVE-2017-13080\n\nReinstallation of the group key (GTK) in the group key handshake.\n\nCVE-2017-13081\n\nReinstallation of the integrity group key (IGTK) in the group key handshake.\n\nCVE-2017-13082\n\nAccepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.\n\nCVE-2017-13084\n\nReinstallation of the STK key in the PeerKey handshake.\n\nCVE-2017-13086\n\nreinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.\n\nCVE-2017-13087\n\nreinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response 
frame.\n\nCVE-2017-13088\n\nreinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.0-3+deb7u5. Note that the latter two vulnerabilities (CVE-2017-13087 and CVE-2017-13088) were mistakenly marked as fixed in the changelog whereas they simply did not apply to the 1.0 version of the WPA source code, which doesn't implement WNM sleep mode responses.\n\nWe recommend that you upgrade your wpa packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "Debian DLA-1150-1 : wpa security update (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:hostapd", "p-cpe:/a:debian:debian_linux:wpagui", "p-cpe:/a:debian:debian_linux:wpasupplicant", "p-cpe:/a:debian:debian_linux:wpasupplicant-udeb", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1150.NASL", "href": "https://www.tenable.com/plugins/nessus/104299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1150-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104299);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Debian DLA-1150-1 : wpa security update (KRACK)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was found in how WPA code can be triggered to\nreconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a\nspecific frame that is used to manage the keys. 
Such reinstallation of\nthe encryption key can result in two different types of\nvulnerabilities: disabling replay protection and significantly\nreducing the security of encryption to the point of allowing frames to\nbe decrypted or some parts of the keys to be determined by an attacker\ndepending on which cipher is used.\n\nThose issues are commonly known under the 'KRACK' appelation.\nAccording to US-CERT, 'the impact of exploiting these vulnerabilities\nincludes decryption, packet replay, TCP connection hijacking, HTTP\ncontent injection, and others.'\n\nCVE-2017-13077\n\nReinstallation of the pairwise encryption key (PTK-TK) in the 4-way\nhandshake.\n\nCVE-2017-13078\n\nReinstallation of the group key (GTK) in the 4-way handshake.\n\nCVE-2017-13079\n\nReinstallation of the integrity group key (IGTK) in the 4-way\nhandshake.\n\nCVE-2017-13080\n\nReinstallation of the group key (GTK) in the group key handshake.\n\nCVE-2017-13081\n\nReinstallation of the integrity group key (IGTK) in the group key\nhandshake.\n\nCVE-2017-13082\n\nAccepting a retransmitted Fast BSS Transition (FT) Reassociation\nRequest and reinstalling the pairwise encryption key (PTK-TK) while\nprocessing it.\n\nCVE-2017-13084\n\nReinstallation of the STK key in the PeerKey handshake.\n\nCVE-2017-13086\n\nreinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK)\nkey in the TDLS handshake.\n\nCVE-2017-13087\n\nreinstallation of the group key (GTK) when processing a Wireless\nNetwork Management (WNM) Sleep Mode Response frame.\n\nCVE-2017-13088\n\nreinstallation of the integrity group key (IGTK) when processing a\nWireless Network Management (WNM) Sleep Mode Response frame.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.0-3+deb7u5. 
Note that the latter two vulnerabilities (CVE-2017-13087\nand CVE-2017-13088) were mistakenly marked as fixed in the changelog\nwhereas they simply did not apply to the 1.0 version of the WPA source\ncode, which doesn't implement WNM sleep mode responses.\n\nWe recommend that you upgrade your wpa packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/wpa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpagui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpasupplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpasupplicant-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n 
script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"hostapd\", reference:\"1.0-3+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wpagui\", reference:\"1.0-3+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wpasupplicant\", reference:\"1.0-3+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wpasupplicant-udeb\", reference:\"1.0-3+deb7u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:54", "description": "Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. 
A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information.\n(CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-10-17T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : wpa vulnerabilities (USN-3455-1) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4476", "CVE-2016-4477", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:hostapd", "p-cpe:/a:canonical:ubuntu_linux:wpasupplicant", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3455-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103863", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3455-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103863);\n script_version(\"3.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-4476\", \"CVE-2016-4477\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"USN\", value:\"3455-1\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : wpa vulnerabilities (USN-3455-1) (KRACK)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly\nhandled WPA2. A remote attacker could use this issue with key\nreinstallation attacks to obtain sensitive information.\n(CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,\nCVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,\nCVE-2017-13088)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly\nhandled invalid characters in passphrase parameters. A remote attacker\ncould use this issue to cause a denial of service. (CVE-2016-4476)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly\nhandled invalid characters in passphrase parameters. A local attacker\ncould use this issue to cause a denial of service, or possibly execute\narbitrary code. (CVE-2016-4477).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3455-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected hostapd and / or wpasupplicant packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:wpasupplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. 
/ NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"hostapd\", pkgver:\"2.1-0ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"wpasupplicant\", pkgver:\"2.1-0ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"hostapd\", pkgver:\"2.4-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"wpasupplicant\", pkgver:\"2.4-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"hostapd\", pkgver:\"2.4-0ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"wpasupplicant\", pkgver:\"2.4-0ubuntu9.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd / wpasupplicant\");\n}\n", "cvss": 
{"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:32", "description": "According to its self-reported version, the remote networking device is running a version of MikroTik 6.9.X prior to 6.39.3, 6.40.x < 6.40.4, or 6.41rc. It is, therefore, vulnerable to multiple vulnerabilities discovered in the WPA2 handshake protocol.", "cvss3": {}, "published": "2017-10-16T00:00:00", "type": "nessus", "title": "MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13083", "CVE-2017-13084", "CVE-2017-13085", "CVE-2017-13086", "CVE-2017-13087"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/o:mikrotik:routeros"], "id": "MIKROTIK_KRACK.NASL", "href": "https://www.tenable.com/plugins/nessus/103857", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103857);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\",\n \"CVE-2017-13083\",\n \"CVE-2017-13084\",\n \"CVE-2017-13085\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\"\n );\n script_bugtraq_id(101274);\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote networking device is affected by multiple WPA2 key\nreinstallation vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the remote networking device\nis running a version of MikroTik 6.9.X prior to 6.39.3, 6.40.x <\n6.40.4, or 6.41rc. 
It is, therefore, vulnerable to multiple\nvulnerabilities discovered in the WPA2 handshake protocol.\");\n # https://forum.mikrotik.com/viewtopic.php?f=21&t=126695\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?db1a2125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://forum.mikrotik.com/viewtopic.php?f=21&t=126694\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MikroTik RouterOS 6.39.3 / 6.40.4 / 6.41rc or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13083\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mikrotik:routeros\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mikrotik_detect.nasl\", \"ssh_detect.nasl\");\n script_require_keys(\"MikroTik/RouterOS/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MikroTik/RouterOS/Version\");\nrep_extra = '';\n\nport = 0;\nif (report_paranoia < 2)\n{\n port = get_service(svc:\"ssh\", default:22, exit_on_fail:TRUE);\n banner = get_kb_item_or_exit(\"SSH/banner/\"+port);\n if (\"ROSSSH\" >!< banner) audit(AUDIT_NOT_LISTEN, 'Mikrotik RouterOS sshd', port);\n}\n\nif (version =~ \"^[0-5]\\.\")\n{\n fix = \"6.39.3\";\n rep_extra = \" or 6.40.4 or 6.41rc\";\n}\nelse if (version =~ \"^6\\.39\")\n{\n fix = \"6.39.3\";\n rep_extra = \" or 6.41rc\";\n}\nelse if (version =~ \"^6\\.40\")\n{\n fix = \"6.40.4\";\n rep_extra = \" or 6.41rc\";\n}\nelse\n audit(AUDIT_HOST_NOT, \"affected\");\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n report =\n '\\n Installed version : '+version+\n '\\n Fixed version : '+ fix + rep_extra +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:15", "description": "According to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories.", "cvss3": {}, "published": "2018-04-13T00:00:00", "type": "nessus", "title": "pfSense < 2.3.5 Multiple Vulnerabilities (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12837", "CVE-2017-12883", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2017-13704", "CVE-2017-14491", "CVE-2017-14492", "CVE-2017-14493", "CVE-2017-14494", "CVE-2017-14495", "CVE-2017-14496"], 
"modified": "2020-05-08T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense"], "id": "PFSENSE_2_3_5.NASL", "href": "https://www.tenable.com/plugins/nessus/109037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109037);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/08\");\n\n script_cve_id(\n \"CVE-2017-12837\",\n \"CVE-2017-12883\",\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\",\n \"CVE-2017-13084\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\",\n \"CVE-2017-13704\",\n \"CVE-2017-14491\",\n \"CVE-2017-14492\",\n \"CVE-2017-14493\",\n \"CVE-2017-14494\",\n \"CVE-2017-14495\",\n \"CVE-2017-14496\"\n );\n script_bugtraq_id(\n 100852,\n 100860,\n 101274,\n 103513\n );\n script_xref(name:\"IAVA\", value:\"2017-A-0284-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n script_xref(name:\"FreeBSD\", value:\"SA-17:07.wpa\");\n\n script_name(english:\"pfSense < 2.3.5 Multiple Vulnerabilities (KRACK)\");\n script_summary(english:\"Checks the version of pfSense.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is affected by multiple vulnerabilities as stated in the\nreferenced vendor advisories.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://doc.pfsense.org/index.php/2.3.5_New_Features_and_Changes\");\n # https://www.netgate.com/blog/no-plan-survives-contact-with-the-internet.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee52d9a2\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-17_07.packages.asc\n 
script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e1b23834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.krackattacks.com/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.3.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-14493\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.3.5\" }\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{xss:TRUE}\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:49", "description": "This update for wpa_supplicant fixes the following issues :\n\nwpa_supplicant was updated to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured (eap_pwd_groups)\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm identity\n\n - fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS v1.3\n\n - fixed a regression in WMM parameter configuration 
for a TDLS peer\n\n - fixed a regression in operation with drivers that offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256)\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the one AP supports\n\n - added support for release 
number 3\n\n - enable PMF automatically for network profiles created from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n 
- fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key authentication\n\n - added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit level\n\n - fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate selection\n\n - added option to configure allowed group management cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 
4-way handshake into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of the WPA2 PSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request frame when using FT protocol\n\nLimit P2P_DEVICE name to appropriate ifname size.\n\nEnable SAE support(jsc#SLE-14992).\n\nCVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934)\n\nFix wicked wlan (bsc#1156920)\n\nStill include fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\nChange wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (bsc#1166933)\n\nAdjust the service to start after network.target wrt bsc#1165266\n\nUsing O_WRONLY flag [http://w1.fi/security/2015-5/] (CVE-2015-8041)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2020:3424-1) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8041", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526", "CVE-2019-11555", "CVE-2019-13377", "CVE-2019-16275", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2020-12-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:wpa_supplicant", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3424-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143704", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3424-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143704);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2015-8041\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2018-14526\", \"CVE-2019-11555\", \"CVE-2019-13377\", \"CVE-2019-16275\", \"CVE-2019-9494\", \"CVE-2019-9495\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n\n script_name(english:\"SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2020:3424-1) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\nwpa_supplicant was updated to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured\n (eap_pwd_groups)\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using\n PMKSA caching (disabled by default for backwards\n compatibility; can be enabled with\n ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response\n frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use\n with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm\n identity\n\n - fixed Hotspot 2.0 credential selection based on roaming\n consortium to ignore credentials without a specific EAP\n method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS\n v1.3\n\n - fixed a regression in WMM parameter configuration for a\n TDLS peer\n\n - fixed a regression in operation with drivers that\n offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19,\n 20, 21 (i.e., disable groups 25 and 26) and disable all\n unsuitable groups completely based on REVmd changes\n\n - do not 
regenerate PWE unnecessarily when the AP uses the\n anti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE\n were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are\n enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new\n implementation guidance in REVmd (allow only FFC groups\n with prime >= 3072 bits and ECC groups with prime >=\n 256)\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-1/]\n (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-2/]\n (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element\n [https://w1.fi/security/2019-4/] (CVE-2019-9497,\n CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872,\n bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment\n [https://w1.fi/security/2019-5/] (CVE-2019-11555,\n bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups\n 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update\n [https://w1.fi/security/2019-6/] (CVE-2019-13377,\n bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without\n CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the\n one AP supports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created\n from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation\n (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of 
MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - fixed dNSName matching in domain_match and\n domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192\n AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to\n support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of\n PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based\n drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and\n PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address\n use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added\n automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface\n (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - added a RSN workaround for misbehaving PMF APs that\n advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and\n key reinstallation [https://w1.fi/security/2017-1/]\n (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in\n wpa_supplicant [https://w1.fi/security/2018-1/]\n (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key\n authentication\n\n - added support for OWE (Opportunistic Wireless\n Encryption, RFC 8110; and transition mode defined by\n WFA)\n\n - added support for 
DPP (Wi-Fi Device Provisioning\n Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit\n level\n\n - fixed Suite B PMKSA caching not to update PMKID during\n each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired\n signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux\n kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA\n cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS\n queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into\n Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate\n selection\n\n - added option to configure allowed group management\n cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression\n with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake\n into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of\n the WPA2 PSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm\n selection for SAE; note: this is not 
backwards\n compatible, i.e., both the AP and station side\n implementations will need to be update at the same time\n to maintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata\n ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully\n functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256,\n BIP-GMAC-128, BIP-GMAC-256 in addition to previously\n supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request\n frame when using FT protocol\n\nLimit P2P_DEVICE name to appropriate ifname size.\n\nEnable SAE support(jsc#SLE-14992).\n\nCVE-2019-16275: AP mode PMF disconnection protection bypass\n(bsc#1150934)\n\nFix wicked wlan (bsc#1156920)\n\nStill include fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\nChange wpa_supplicant.service to ensure wpa_supplicant gets started\nbefore network. Fix WLAN config on boot with wicked. (bsc#1166933)\n\nAdjust the service to start after network.target wrt bsc#1165266\n\nUsing O_WRONLY flag [http://w1.fi/security/2015-5/] (CVE-2015-8041)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://w1.fi/security/2015-5/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2017-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2018-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://w1.fi/security/2019-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-2/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-4/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-5/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-6/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8041/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13082/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13086/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11555/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13377/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16275/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9494/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9495/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9497/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9498/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9499/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203424-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?87df2f82\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3424=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9499\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"wpa_supplicant-2.9-23.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"wpa_supplicant-debuginfo-2.9-23.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"wpa_supplicant-debugsource-2.9-23.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:30:46", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1853-1 advisory.\n\n - Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.\n (CVE-2015-8041)\n\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. (CVE-2017-13077)\n\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. 
(CVE-2017-13078)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. (CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. (CVE-2017-13080)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. (CVE-2017-13081)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. (CVE-2017-13082)\n\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. (CVE-2017-13086)\n\n - Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. (CVE-2017-13087)\n\n - Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. 
(CVE-2017-13088)\n\n - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.\n (CVE-2018-14526)\n\n - The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service).\n This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c. (CVE-2019-11555)\n\n - The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery. (CVE-2019-13377)\n\n - The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.\n (CVE-2019-9494)\n\n - The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. 
Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494.\n Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. (CVE-2019-9495)\n\n - The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. (CVE-2019-9497)\n\n - The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. 
Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\n (CVE-2019-9498)\n\n - The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.\n An attacker may complete authentication, session key and control of the data connection with a client.\n Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. (CVE-2019-9499)\n\n - The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. (CVE-2022-23303)\n\n - The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. 
(CVE-2022-23304)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2022:1853-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8041", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526", "CVE-2019-11555", "CVE-2019-13377", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499", "CVE-2022-23303", "CVE-2022-23304"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:wpa_supplicant", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-1853-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161651", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1853-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161651);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\n \"CVE-2015-8041\",\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\",\n \"CVE-2018-14526\",\n \"CVE-2019-9494\",\n \"CVE-2019-9495\",\n \"CVE-2019-9497\",\n \"CVE-2019-9498\",\n \"CVE-2019-9499\",\n \"CVE-2019-11555\",\n \"CVE-2019-13377\",\n \"CVE-2022-23303\",\n \"CVE-2022-23304\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1853-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2022:1853-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:1853-1 advisory.\n\n - Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5\n allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload\n length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.\n (CVE-2015-8041)\n\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal\n Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or\n spoof frames. 
(CVE-2017-13077)\n\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the\n four-way handshake, allowing an attacker within radio range to replay frames from access points to\n clients. (CVE-2017-13078)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof\n frames from access points to clients. (CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the\n group key handshake, allowing an attacker within radio range to replay frames from access points to\n clients. (CVE-2017-13080)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof\n frames from access points to clients. (CVE-2017-13081)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise\n Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an\n attacker within radio range to replay, decrypt, or spoof frames. (CVE-2017-13082)\n\n - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer\n Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof\n frames. (CVE-2017-13086)\n\n - Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key\n (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker\n within radio range to replay frames from access points to clients. 
(CVE-2017-13087)\n\n - Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group\n Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame,\n allowing an attacker within radio range to replay frames from access points to clients. (CVE-2017-13088)\n\n - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the\n integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range\n of the Access Point and client can abuse the vulnerability to recover sensitive information.\n (CVE-2018-14526)\n\n - The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8\n does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be\n received. This could result in process termination due to a NULL pointer dereference (denial of service).\n This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c. (CVE-2019-11555)\n\n - The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to\n side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool\n curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be\n used for full password recovery. (CVE-2019-13377)\n\n - The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a\n result of observable timing differences and cache access patterns. An attacker may be able to gain leaked\n information from a side channel attack that can be used for full password recovery. 
Both hostapd with SAE\n support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.\n (CVE-2019-9494)\n\n - The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a\n result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are\n vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory\n access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of\n hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494.\n Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version\n 2.7 are affected. (CVE-2019-9495)\n\n - The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the\n scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD\n authentication without knowing the password. However, unless the crypto library does not implement\n additional checks for the EC point, the attacker will not be able to derive the session key or complete\n the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including\n version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior\n to and including version 2.7 are affected. (CVE-2019-9497)\n\n - The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit\n validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An\n attacker may be able to use invalid scalar/element values to complete authentication, gaining session key\n and network access without needing or learning the password. 
Both hostapd with SAE support and\n wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd\n support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\n (CVE-2019-9498)\n\n - The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing\n explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.\n An attacker may complete authentication, session key and control of the data connection with a client.\n Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are\n affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including\n version 2.7 are affected. (CVE-2019-9499)\n\n - The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side\n channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix\n for CVE-2019-9494. (CVE-2022-23303)\n\n - The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to\n side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an\n incomplete fix for CVE-2019-9495. 
(CVE-2022-23304)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1131644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1131868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1131870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1131871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1131872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1131874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1133640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1144443\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1165266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1166933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-8041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13079\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23304\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/011164.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c23a76d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23304\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3/4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'wpa_supplicant-2.9-15.22.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'wpa_supplicant-2.9-15.22.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'wpa_supplicant-2.9-15.22.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'wpa_supplicant-2.9-15.22.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'wpa_supplicant-2.9-15.22.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'wpa_supplicant-2.9-15.22.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var 
exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. 
Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'wpa_supplicant');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:26", "description": "This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass (bsc#1150934).\n\nNon-security issues fixed :\n\n - Enable SAE support (jsc#SLE-14992).\n\n - Limit P2P_DEVICE name to appropriate ifname size.\n\n - Fix wicked wlan (bsc#1156920)\n\n - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\n - With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)\n\n - Fix WLAN config on boot with wicked. 
(bsc#1166933)\n\n - Update to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured (eap_pwd_groups)\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm identity\n\n - fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS v1.3\n\n - fixed a regression in WMM parameter configuration for a TDLS peer\n\n - fixed a regression in operation with drivers that offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are enabled\n\n - 
started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256)\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the one AP supports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled\n\n - extended nl80211 Connect 
and external authentication to support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key authentication\n\n - added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit level\n\n - fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit 
validation\n\n - started to use estimated throughput to avoid undesired signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate selection\n\n - added option to configure allowed group management cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of the WPA2 PSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added 
support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request frame when using FT protocol\n\n - Changed service-files for start after network (systemd-networkd).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4141", "CVE-2015-4142", "CVE-2015-4143", "CVE-2015-8041", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526", "CVE-2019-11555", "CVE-2019-13377", "CVE-2019-16275", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2020-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wpa_supplicant", "p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo", "p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource", "p-cpe:/a:novell:opensuse:wpa_supplicant-gui", "p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2059.NASL", "href": "https://www.tenable.com/plugins/nessus/143304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2059.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n 
script_id(143304);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/02\");\n\n script_cve_id(\"CVE-2015-4141\", \"CVE-2015-4142\", \"CVE-2015-4143\", \"CVE-2015-8041\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2018-14526\", \"CVE-2019-11555\", \"CVE-2019-13377\", \"CVE-2019-16275\", \"CVE-2019-9494\", \"CVE-2019-9495\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n\n script_name(english:\"openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK)\");\n script_summary(english:\"Check for the openSUSE-2020-2059 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-16275: Fixed an AP mode PMF disconnection\n protection bypass (bsc#1150934).\n\nNon-security issues fixed :\n\n - Enable SAE support (jsc#SLE-14992).\n\n - Limit P2P_DEVICE name to appropriate ifname size.\n\n - Fix wicked wlan (bsc#1156920)\n\n - Restore fi.epitest.hostap.WPASupplicant.service\n (bsc#1167331)\n\n - With v2.9 fi.epitest.hostap.WPASupplicant.service is\n obsolete (bsc#1167331)\n\n - Fix WLAN config on boot with wicked. 
(bsc#1166933)\n\n - Update to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured\n (eap_pwd_groups)\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using\n PMKSA caching (disabled by default for backwards\n compatibility; can be enabled with\n ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response\n frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use\n with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm\n identity\n\n - fixed Hotspot 2.0 credential selection based on roaming\n consortium to ignore credentials without a specific EAP\n method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS\n v1.3\n\n - fixed a regression in WMM parameter configuration for a\n TDLS peer\n\n - fixed a regression in operation with drivers that\n offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19,\n 20, 21 (i.e., disable groups 25 and 26) and disable all\n unsuitable groups completely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the\n anti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE\n were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE 
over SAE AKM if both are\n enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new\n implementation guidance in REVmd (allow only FFC groups\n with prime >= 3072 bits and ECC groups with prime >=\n 256)\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-1/]\n (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-2/]\n (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element\n [https://w1.fi/security/2019-4/] (CVE-2019-9497,\n CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872,\n bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment\n [https://w1.fi/security/2019-5/] (CVE-2019-11555,\n bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups\n 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update\n [https://w1.fi/security/2019-6/] (CVE-2019-13377,\n bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without\n CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the\n one AP supports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created\n from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation\n (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - fixed dNSName matching in domain_match and\n domain_suffix_match when using wolfSSL\n\n - started to prefer 
FT-EAP-SHA384 over WPA-EAP-SUITE-B-192\n AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to\n support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of\n PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based\n drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and\n PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address\n use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added\n automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface\n (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - added a RSN workaround for misbehaving PMF APs that\n advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and\n key reinstallation [https://w1.fi/security/2017-1/]\n (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in\n wpa_supplicant [https://w1.fi/security/2018-1/]\n (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key\n authentication\n\n - added support for OWE (Opportunistic Wireless\n Encryption, RFC 8110; and transition mode defined by\n WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning\n Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit\n level\n\n - fixed Suite B PMKSA caching not to update PMKID during\n each 4-way handshake\n\n - fixed EAP-pwd 
pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired\n signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux\n kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA\n cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS\n queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into\n Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate\n selection\n\n - added option to configure allowed group management\n cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression\n with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake\n into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of\n the WPA2 PSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm\n selection for SAE; note: this is not backwards\n compatible, i.e., both the AP and station side\n implementations will need to be update at the same time\n to maintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID 
matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata\n ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully\n functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256,\n BIP-GMAC-128, BIP-GMAC-256 in addition to previously\n supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request\n frame when using FT protocol\n\n - Changed service-files for start after network\n (systemd-networkd).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150934\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2017-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2018-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-2/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-4/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-5/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-6/]\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected wpa_supplicant packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9499\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-2.9-lp152.8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-debuginfo-2.9-lp152.8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-debugsource-2.9-lp152.8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-gui-2.9-lp152.8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-gui-debuginfo-2.9-lp152.8.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant / wpa_supplicant-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:11", "description": "This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-16275: Fixed 
an AP mode PMF disconnection protection bypass (bsc#1150934).\n\nNon-security issues fixed :\n\nEnable SAE support (jsc#SLE-14992).\n\nLimit P2P_DEVICE name to appropriate ifname size.\n\nFix wicked wlan (bsc#1156920)\n\nRestore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\nWith v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)\n\nFix WLAN config on boot with wicked. (bsc#1166933)\n\nUpdate to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks\n\n[https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured (eap_pwd_groups)\n\n - improved protection against side channel attacks\n\n[https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm identity\n\n - fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS v1.3\n\n - fixed a regression in WMM parameter configuration for a TDLS peer\n\n - fixed a regression in operation with drivers that offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to 
enable only groups 19, 20, 21\n\n(i.e., disable groups 25 and 26) and disable all unsuitable groups\n\ncompletely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the\n\nanti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new implementation\n\nguidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC\n\ngroups with prime >= 256)\n\n - minimize timing and memory use differences in PWE derivation\n\n[https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE derivation\n\n[https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element [https://w1.fi/security/2019-4/]\n\n(CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872,\n\nbsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment\n\n[https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups 25, 26, and\n\n27)\n\n - SAE/EAP-pwd side-channel attack update\n\n[https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the one AP\n\nsupports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created from\n\ncredentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation 
(CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key authentication\n\n - added support for OWE 
(Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit level\n\n - fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux kernel\n\nmacsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate selection\n\n - added option to configure allowed group management cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of the WPA2\n\nPSK/passphrase\n\n - fixed PTK and 
EAPOL-Key integrity and key-wrap algorithm selection\n\nfor SAE; note: this is not backwards compatible, i.e., both the AP and\n\nstation side implementations will need to be update at the same time to\n\nmaintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,\n\nBIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request frame when\n\nusing FT protocol\n\nChanged service-files for start after network (systemd-networkd).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2020:3380-1) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4141", "CVE-2015-4142", "CVE-2015-4143", "CVE-2015-8041", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526", "CVE-2019-11555", "CVE-2019-13377", "CVE-2019-16275", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2020-12-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:wpa_supplicant", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3380-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143627", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3380-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143627);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2015-4141\", \"CVE-2015-4142\", \"CVE-2015-4143\", \"CVE-2015-8041\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2018-14526\", \"CVE-2019-11555\", \"CVE-2019-13377\", \"CVE-2019-16275\", \"CVE-2019-9494\", \"CVE-2019-9495\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n script_bugtraq_id(74549);\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update 
: wpa_supplicant (SUSE-SU-2020:3380-1) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass\n(bsc#1150934).\n\nNon-security issues fixed :\n\nEnable SAE support (jsc#SLE-14992).\n\nLimit P2P_DEVICE name to appropriate ifname size.\n\nFix wicked wlan (bsc#1156920)\n\nRestore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\nWith v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete\n(bsc#1167331)\n\nFix WLAN config on boot with wicked. (bsc#1166933)\n\nUpdate to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks\n\n[https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured\n (eap_pwd_groups)\n\n - improved protection against side channel attacks\n\n[https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using\n PMKSA caching (disabled by default for backwards\n compatibility; can be enabled with\n ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response\n frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use\n with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm\n identity\n\n - fixed Hotspot 2.0 credential selection based on roaming\n consortium to ignore credentials without a specific EAP\n 
method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS\n v1.3\n\n - fixed a regression in WMM parameter configuration for a\n TDLS peer\n\n - fixed a regression in operation with drivers that\n offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19,\n 20, 21\n\n(i.e., disable groups 25 and 26) and disable all unsuitable groups\n\ncompletely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the\n\nanti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE\n were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are\n enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new\n implementation\n\nguidance in REVmd (allow only FFC groups with prime >= 3072 bits and\nECC\n\ngroups with prime >= 256)\n\n - minimize timing and memory use differences in PWE\n derivation\n\n[https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE\n derivation\n\n[https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element\n [https://w1.fi/security/2019-4/]\n\n(CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874,\nbsc#1131872,\n\nbsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment\n\n[https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups\n 25, 26, and\n\n27)\n\n - SAE/EAP-pwd side-channel attack 
update\n\n[https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without\n CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the\n one AP\n\nsupports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created\n from\n\ncredentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation\n (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - fixed dNSName matching in domain_match and\n domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192\n AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to\n support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of\n PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based\n drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and\n PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address\n use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added\n automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface\n (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - added a RSN workaround for misbehaving PMF APs that\n advertise IGTK/BIP KeyID using incorrect byte 
order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and\n key reinstallation [https://w1.fi/security/2017-1/]\n (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in\n wpa_supplicant [https://w1.fi/security/2018-1/]\n (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key\n authentication\n\n - added support for OWE (Opportunistic Wireless\n Encryption, RFC 8110; and transition mode defined by\n WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning\n Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit\n level\n\n - fixed Suite B PMKSA caching not to update PMKID during\n each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired\n signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux\n kernel\n\nmacsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA\n cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS\n queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into\n Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication 
candidate\n selection\n\n - added option to configure allowed group management\n cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression\n with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake\n into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of\n the WPA2\n\nPSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm\n selection\n\nfor SAE; note: this is not backwards compatible, i.e., both the AP and\n\nstation side implementations will need to be update at the same time\nto\n\nmaintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata\n ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully\n functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256,\n BIP-GMAC-128,\n\nBIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request\n frame when\n\nusing FT protocol\n\nChanged service-files for start after network (systemd-networkd).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2017-1/]\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2018-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-2/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-4/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-5/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-6/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4143/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8041/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13082/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13086/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13087/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11555/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13377/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16275/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9494/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9495/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9497/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9498/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9499/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203380-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbb2c120\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3380=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-3380=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3380=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in 
-t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3380=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3380=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3380=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9499\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"wpa_supplicant-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"wpa_supplicant-debuginfo-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"wpa_supplicant-debugsource-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"wpa_supplicant-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"wpa_supplicant-debuginfo-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"wpa_supplicant-debugsource-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"wpa_supplicant-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"wpa_supplicant-debuginfo-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"wpa_supplicant-debugsource-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"wpa_supplicant-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"wpa_supplicant-debuginfo-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"wpa_supplicant-debugsource-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"wpa_supplicant-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"wpa_supplicant-debuginfo-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"wpa_supplicant-debugsource-2.9-4.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", 
"cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:11", "description": "This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass (bsc#1150934).\n\nNon-security issues fixed :\n\n - Enable SAE support (jsc#SLE-14992).\n\n - Limit P2P_DEVICE name to appropriate ifname size.\n\n - Fix wicked wlan (bsc#1156920)\n\n - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\n - With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)\n\n - Fix WLAN config on boot with wicked. (bsc#1166933)\n\n - Update to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured (eap_pwd_groups)\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm identity\n\n - fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS v1.3\n\n - fixed a regression in WMM parameter configuration for a TDLS peer\n\n - fixed a regression 
in operation with drivers that offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256)\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the one AP supports\n\n - added support for release number 3\n\n - enable PMF automatically for 
network profiles created from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption 
in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key authentication\n\n - added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit level\n\n - fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate selection\n\n - added option to configure allowed group management cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake into the driver\n\n - added 
support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of the WPA2 PSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be updated at the same time to maintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request frame when using FT protocol\n\n - Changed service-files for start after network (systemd-networkd).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : wpa_supplicant (openSUSE-2020-2053) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4141", "CVE-2015-4142", "CVE-2015-4143", "CVE-2015-8041", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526", "CVE-2019-11555", "CVE-2019-13377", "CVE-2019-16275", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2020-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wpa_supplicant", 
"p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo", "p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource", "p-cpe:/a:novell:opensuse:wpa_supplicant-gui", "p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2053.NASL", "href": "https://www.tenable.com/plugins/nessus/143321", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2053.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143321);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/02\");\n\n script_cve_id(\"CVE-2015-4141\", \"CVE-2015-4142\", \"CVE-2015-4143\", \"CVE-2015-8041\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2018-14526\", \"CVE-2019-11555\", \"CVE-2019-13377\", \"CVE-2019-16275\", \"CVE-2019-9494\", \"CVE-2019-9495\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n\n script_name(english:\"openSUSE Security Update : wpa_supplicant (openSUSE-2020-2053) (KRACK)\");\n script_summary(english:\"Check for the openSUSE-2020-2053 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-16275: Fixed an AP mode PMF disconnection\n protection bypass (bsc#1150934).\n\nNon-security issues fixed :\n\n - Enable SAE support (jsc#SLE-14992).\n\n - Limit P2P_DEVICE name to appropriate ifname size.\n\n - Fix wicked wlan (bsc#1156920)\n\n - Restore fi.epitest.hostap.WPASupplicant.service\n (bsc#1167331)\n\n - With 
v2.9 fi.epitest.hostap.WPASupplicant.service is\n obsolete (bsc#1167331)\n\n - Fix WLAN config on boot with wicked. (bsc#1166933)\n\n - Update to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured\n (eap_pwd_groups)\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using\n PMKSA caching (disabled by default for backwards\n compatibility; can be enabled with\n ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response\n frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use\n with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm\n identity\n\n - fixed Hotspot 2.0 credential selection based on roaming\n consortium to ignore credentials without a specific EAP\n method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS\n v1.3\n\n - fixed a regression in WMM parameter configuration for a\n TDLS peer\n\n - fixed a regression in operation with drivers that\n offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19,\n 20, 21 (i.e., disable groups 25 and 26) and disable all\n unsuitable groups completely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the\n anti-clogging token mechanisms\n\n - fixed some association 
cases where both SAE and FT-SAE\n were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are\n enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new\n implementation guidance in REVmd (allow only FFC groups\n with prime >= 3072 bits and ECC groups with prime >=\n 256)\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-1/]\n (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-2/]\n (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element\n [https://w1.fi/security/2019-4/] (CVE-2019-9497,\n CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872,\n bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment\n [https://w1.fi/security/2019-5/] (CVE-2019-11555,\n bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups\n 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update\n [https://w1.fi/security/2019-6/] (CVE-2019-13377,\n bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without\n CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the\n one AP supports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created\n from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation\n (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - 
fixed dNSName matching in domain_match and\n domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192\n AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to\n support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of\n PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based\n drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and\n PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address\n use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added\n automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface\n (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - added a RSN workaround for misbehaving PMF APs that\n advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and\n key reinstallation [https://w1.fi/security/2017-1/]\n (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in\n wpa_supplicant [https://w1.fi/security/2018-1/]\n (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key\n authentication\n\n - added support for OWE (Opportunistic Wireless\n Encryption, RFC 8110; and transition mode defined by\n WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning\n Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit\n level\n\n - 
fixed Suite B PMKSA caching not to update PMKID during\n each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired\n signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux\n kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA\n cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS\n queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into\n Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate\n selection\n\n - added option to configure allowed group management\n cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression\n with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake\n into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of\n the WPA2 PSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm\n selection for SAE; note: this is not backwards\n compatible, i.e., both the AP and station side\n implementations will need to be update at the same time\n to 
maintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata\n ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully\n functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256,\n BIP-GMAC-128, BIP-GMAC-256 in addition to previously\n supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request\n frame when using FT protocol\n\n - Changed service-files for start after network\n (systemd-networkd).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2017-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2018-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-2/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-4/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-5/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-6/]\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected wpa_supplicant packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9499\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"wpa_supplicant-2.9-lp151.5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"wpa_supplicant-debuginfo-2.9-lp151.5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"wpa_supplicant-debugsource-2.9-lp151.5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"wpa_supplicant-gui-2.9-lp151.5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"wpa_supplicant-gui-debuginfo-2.9-lp151.5.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant / wpa_supplicant-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:51", "description": "The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.1. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - APFS\n - curl\n - Dictionary Widget\n - Kernel\n - StreamingZip\n - tcpdump\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {}, "published": "2017-11-03T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", 
"CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725", "CVE-2017-13786", "CVE-2017-13799", "CVE-2017-13800", "CVE-2017-13801", "CVE-2017-13804", "CVE-2017-13808", "CVE-2017-13811", "CVE-2017-13852", "CVE-2017-13907", "CVE-2017-7170", "CVE-2018-4390", "CVE-2018-4391"], "modified": "2019-06-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_10_13_1.NASL", "href": "https://www.tenable.com/plugins/nessus/104378", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104378);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2017-1000100\",\n \"CVE-2017-1000101\",\n \"CVE-2017-11108\",\n \"CVE-2017-11541\",\n \"CVE-2017-11542\",\n \"CVE-2017-11543\",\n \"CVE-2017-12893\",\n \"CVE-2017-12894\",\n \"CVE-2017-12895\",\n \"CVE-2017-12896\",\n \"CVE-2017-12897\",\n \"CVE-2017-12898\",\n \"CVE-2017-12899\",\n \"CVE-2017-12900\",\n \"CVE-2017-12901\",\n \"CVE-2017-12902\",\n \"CVE-2017-12985\",\n \"CVE-2017-12986\",\n \"CVE-2017-12987\",\n \"CVE-2017-12988\",\n \"CVE-2017-12989\",\n \"CVE-2017-12990\",\n \"CVE-2017-12991\",\n \"CVE-2017-12992\",\n \"CVE-2017-12993\",\n \"CVE-2017-12994\",\n \"CVE-2017-12995\",\n \"CVE-2017-12996\",\n \"CVE-2017-12997\",\n \"CVE-2017-12998\",\n \"CVE-2017-12999\",\n \"CVE-2017-13000\",\n \"CVE-2017-13001\",\n \"CVE-2017-13002\",\n \"CVE-2017-13003\",\n \"CVE-2017-13004\",\n \"CVE-2017-13005\",\n \"CVE-2017-13006\",\n \"CVE-2017-13007\",\n \"CVE-2017-13008\",\n \"CVE-2017-13009\",\n \"CVE-2017-13010\",\n \"CVE-2017-13011\",\n \"CVE-2017-13012\",\n \"CVE-2017-13013\",\n \"CVE-2017-13014\",\n \"CVE-2017-13015\",\n \"CVE-2017-13016\",\n \"CVE-2017-13017\",\n \"CVE-2017-13018\",\n \"CVE-2017-13019\",\n \"CVE-2017-13020\",\n \"CVE-2017-13021\",\n \"CVE-2017-13022\",\n 
\"CVE-2017-13023\",\n \"CVE-2017-13024\",\n \"CVE-2017-13025\",\n \"CVE-2017-13026\",\n \"CVE-2017-13027\",\n \"CVE-2017-13028\",\n \"CVE-2017-13029\",\n \"CVE-2017-13030\",\n \"CVE-2017-13031\",\n \"CVE-2017-13032\",\n \"CVE-2017-13033\",\n \"CVE-2017-13034\",\n \"CVE-2017-13035\",\n \"CVE-2017-13036\",\n \"CVE-2017-13037\",\n \"CVE-2017-13038\",\n \"CVE-2017-13039\",\n \"CVE-2017-13040\",\n \"CVE-2017-13041\",\n \"CVE-2017-13042\",\n \"CVE-2017-13043\",\n \"CVE-2017-13044\",\n \"CVE-2017-13045\",\n \"CVE-2017-13046\",\n \"CVE-2017-13047\",\n \"CVE-2017-13048\",\n \"CVE-2017-13049\",\n \"CVE-2017-13050\",\n \"CVE-2017-13051\",\n \"CVE-2017-13052\",\n \"CVE-2017-13053\",\n \"CVE-2017-13054\",\n \"CVE-2017-13055\",\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13080\",\n \"CVE-2017-13687\",\n \"CVE-2017-13688\",\n \"CVE-2017-13689\",\n \"CVE-2017-13690\",\n \"CVE-2017-13725\",\n \"CVE-2017-13786\",\n \"CVE-2017-13799\",\n \"CVE-2017-13800\",\n \"CVE-2017-13801\",\n \"CVE-2017-13804\",\n \"CVE-2017-13808\",\n \"CVE-2017-13811\",\n \"CVE-2017-13852\",\n \"CVE-2017-13907\",\n \"CVE-2017-7170\",\n \"CVE-2018-4390\",\n \"CVE-2018-4391\"\n );\n script_bugtraq_id(\n 100249,\n 100286,\n 100913,\n 100914,\n 101274,\n 99938,\n 99939,\n 99940,\n 99941\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-10-31-2\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"macOS 10.13.x < 10.13.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X / macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.13.x\nprior to 10.13.1. 
It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - APFS\n - curl\n - Dictionary Widget\n - Kernel\n - StreamingZip\n - tcpdump\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208221\");\n # https://lists.apple.com/archives/security-announce/2017/Oct/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3881783e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.13.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7170\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = pregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (empty_or_null(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nfixed_version = \"10.13.1\";\n\nif (version !~\"^10\\.13($|[^0-9])\")\n audit(AUDIT_OS_NOT, \"macOS 10.13.x\");\n\nif (ver_compare(ver:version, fix:'10.13.1', strict:FALSE) == -1)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:57", "description": "The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. 
It is therefore, affected by multiple vulnerabilities affecting the following components :\n\n - 802.1X\n - apache\n - AppleScript\n - ATS\n - Audio\n - CFString\n - CoreText\n - curl\n - Dictionary Widget\n - file\n - Fonts\n - fsck_msdos\n - HFS\n - Heimdal\n - HelpViewer\n - ImageIO\n - Kernel\n - libarchive\n - Open Scripting Architecture\n - PCRE\n - Postfix\n - Quick Look\n - QuickTime\n - Remote Management\n - Sandbox\n - StreamingZip\n - tcpdump\n - Wi-Fi", "cvss3": {}, "published": "2017-11-03T00:00:00", "type": "nessus", "title": "macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0736", "CVE-2016-2161", "CVE-2016-4736", "CVE-2016-5387", "CVE-2016-8740", "CVE-2016-8743", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-10140", "CVE-2017-11103", "CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", 
"CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725", "CVE-2017-13782", "CVE-2017-13799", "CVE-2017-13801", "CVE-2017-13804", "CVE-2017-13807", "CVE-2017-13808", "CVE-2017-13809", "CVE-2017-13810", "CVE-2017-13811", "CVE-2017-13812", "CVE-2017-13813", "CVE-2017-13814", "CVE-2017-13815", "CVE-2017-13817", "CVE-2017-13818", "CVE-2017-13819", "CVE-2017-13820", "CVE-2017-13821", "CVE-2017-13822", "CVE-2017-13823", "CVE-2017-13824", "CVE-2017-13825", "CVE-2017-13828", "CVE-2017-13829", "CVE-2017-13830", "CVE-2017-13831", "CVE-2017-13833", "CVE-2017-13834", "CVE-2017-13836", "CVE-2017-13838", "CVE-2017-13840", "CVE-2017-13841", "CVE-2017-13842", "CVE-2017-13843", "CVE-2017-13846", "CVE-2017-13906", "CVE-2017-13908", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-5130", "CVE-2017-5969", "CVE-2017-7132", "CVE-2017-7150", "CVE-2017-7170", "CVE-2017-7376", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9049", "CVE-2017-9050", "CVE-2017-9788", "CVE-2017-9789"], "modified": "2019-06-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOSX_SECUPD2017-004.NASL", "href": "https://www.tenable.com/plugins/nessus/104379", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104379);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2016-0736\",\n \"CVE-2016-2161\",\n \"CVE-2016-4736\",\n \"CVE-2016-5387\",\n \"CVE-2016-8740\",\n 
\"CVE-2016-8743\",\n \"CVE-2017-1000100\",\n \"CVE-2017-1000101\",\n \"CVE-2017-10140\",\n \"CVE-2017-11103\",\n \"CVE-2017-11108\",\n \"CVE-2017-11541\",\n \"CVE-2017-11542\",\n \"CVE-2017-11543\",\n \"CVE-2017-12893\",\n \"CVE-2017-12894\",\n \"CVE-2017-12895\",\n \"CVE-2017-12896\",\n \"CVE-2017-12897\",\n \"CVE-2017-12898\",\n \"CVE-2017-12899\",\n \"CVE-2017-12900\",\n \"CVE-2017-12901\",\n \"CVE-2017-12902\",\n \"CVE-2017-12985\",\n \"CVE-2017-12986\",\n \"CVE-2017-12987\",\n \"CVE-2017-12988\",\n \"CVE-2017-12989\",\n \"CVE-2017-12990\",\n \"CVE-2017-12991\",\n \"CVE-2017-12992\",\n \"CVE-2017-12993\",\n \"CVE-2017-12994\",\n \"CVE-2017-12995\",\n \"CVE-2017-12996\",\n \"CVE-2017-12997\",\n \"CVE-2017-12998\",\n \"CVE-2017-12999\",\n \"CVE-2017-13000\",\n \"CVE-2017-13001\",\n \"CVE-2017-13002\",\n \"CVE-2017-13003\",\n \"CVE-2017-13004\",\n \"CVE-2017-13005\",\n \"CVE-2017-13006\",\n \"CVE-2017-13007\",\n \"CVE-2017-13008\",\n \"CVE-2017-13009\",\n \"CVE-2017-13010\",\n \"CVE-2017-13011\",\n \"CVE-2017-13012\",\n \"CVE-2017-13013\",\n \"CVE-2017-13014\",\n \"CVE-2017-13015\",\n \"CVE-2017-13016\",\n \"CVE-2017-13017\",\n \"CVE-2017-13018\",\n \"CVE-2017-13019\",\n \"CVE-2017-13020\",\n \"CVE-2017-13021\",\n \"CVE-2017-13022\",\n \"CVE-2017-13023\",\n \"CVE-2017-13024\",\n \"CVE-2017-13025\",\n \"CVE-2017-13026\",\n \"CVE-2017-13027\",\n \"CVE-2017-13028\",\n \"CVE-2017-13029\",\n \"CVE-2017-13030\",\n \"CVE-2017-13031\",\n \"CVE-2017-13032\",\n \"CVE-2017-13033\",\n \"CVE-2017-13034\",\n \"CVE-2017-13035\",\n \"CVE-2017-13036\",\n \"CVE-2017-13037\",\n \"CVE-2017-13038\",\n \"CVE-2017-13039\",\n \"CVE-2017-13040\",\n \"CVE-2017-13041\",\n \"CVE-2017-13042\",\n \"CVE-2017-13043\",\n \"CVE-2017-13044\",\n \"CVE-2017-13045\",\n \"CVE-2017-13046\",\n \"CVE-2017-13047\",\n \"CVE-2017-13048\",\n \"CVE-2017-13049\",\n \"CVE-2017-13050\",\n \"CVE-2017-13051\",\n \"CVE-2017-13052\",\n \"CVE-2017-13053\",\n \"CVE-2017-13054\",\n \"CVE-2017-13055\",\n 
\"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13080\",\n \"CVE-2017-13687\",\n \"CVE-2017-13688\",\n \"CVE-2017-13689\",\n \"CVE-2017-13690\",\n \"CVE-2017-13725\",\n \"CVE-2017-13782\",\n \"CVE-2017-13799\",\n \"CVE-2017-13801\",\n \"CVE-2017-13804\",\n \"CVE-2017-13807\",\n \"CVE-2017-13808\",\n \"CVE-2017-13809\",\n \"CVE-2017-13810\",\n \"CVE-2017-13811\",\n \"CVE-2017-13812\",\n \"CVE-2017-13813\",\n \"CVE-2017-13814\",\n \"CVE-2017-13815\",\n \"CVE-2017-13817\",\n \"CVE-2017-13818\",\n \"CVE-2017-13819\",\n \"CVE-2017-13820\",\n \"CVE-2017-13821\",\n \"CVE-2017-13822\",\n \"CVE-2017-13823\",\n \"CVE-2017-13824\",\n \"CVE-2017-13825\",\n \"CVE-2017-13828\",\n \"CVE-2017-13829\",\n \"CVE-2017-13830\",\n \"CVE-2017-13831\",\n \"CVE-2017-13833\",\n \"CVE-2017-13834\",\n \"CVE-2017-13836\",\n \"CVE-2017-13838\",\n \"CVE-2017-13840\",\n \"CVE-2017-13841\",\n \"CVE-2017-13842\",\n \"CVE-2017-13843\",\n \"CVE-2017-13846\",\n \"CVE-2017-13906\",\n \"CVE-2017-13908\",\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-5130\",\n \"CVE-2017-5969\",\n \"CVE-2017-7132\",\n \"CVE-2017-7150\",\n \"CVE-2017-7170\",\n \"CVE-2017-7376\",\n \"CVE-2017-7659\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9049\",\n \"CVE-2017-9050\",\n \"CVE-2017-9788\",\n \"CVE-2017-9789\"\n );\n script_bugtraq_id(\n 100249,\n 100286,\n 100913,\n 100914,\n 101177,\n 101274,\n 101482,\n 102100,\n 91816,\n 93055,\n 94650,\n 95076,\n 95077,\n 95078,\n 96188,\n 98568,\n 98601,\n 98877,\n 99132,\n 99134,\n 99135,\n 99137,\n 99170,\n 99551,\n 99568,\n 99569,\n 99938,\n 99939,\n 99940,\n 99941\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-10-31-2\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)\");\n script_summary(english:\"Checks for the presence of Security Update 2017-004.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote 
host is missing a macOS or Mac OS X security update that\nfixes multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is\nmissing a security update. It is therefore, affected by multiple\nvulnerabilities affecting the following components :\n\n - 802.1X\n - apache\n - AppleScript\n - ATS\n - Audio\n - CFString\n - CoreText\n - curl\n - Dictionary Widget\n - file\n - Fonts\n - fsck_msdos\n - HFS\n - Heimdal\n - HelpViewer\n - ImageIO\n - Kernel\n - libarchive\n - Open Scripting Architecture\n - PCRE\n - Postfix\n - Quick Look\n - QuickTime\n - Remote Management\n - Sandbox\n - StreamingZip\n - tcpdump\n - Wi-Fi\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208221\");\n # https://lists.apple.com/archives/security-announce/2017/Oct/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3881783e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2017-004 or later for 10.11.x or\nSecurity Update 2017-001 or later for 10.12.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7376\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item_or_exit(\"Host/MacOSX/Version\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11\\.6|12\\.6)([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.11.6 or Mac OS X 10.12.6\");\n\nif (\"10.11.6\" >< os)\n patch = \"2017-004\";\nelse\n patch = \"2017-001\";\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = pgrep(\n pattern:\"^com\\.apple\\.pkg\\.update\\.(security\\.|os\\.SecUpd).*bom$\",\n string:packages\n);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = pregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || 
empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report, xss:TRUE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mskb": [{"lastseen": "2021-01-01T22:40:49", "description": "<html><body><p>Resolves vulnerabilities in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 </p><h2>Summary</h2><div class=\"kb-summary-section section\">An information disclosure vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploits\u00a0this vulnerability could potentially decrypt wireless traffic of hosts on a WPA or WPA 2-protected wireless network.</div><div class=\"kb-summary-section section\">To learn more about the vulnerability, see\u00a0<a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-13077\" id=\"kb-link-2\" target=\"_self\">CVE-2017-13077</a>.</div><h2>More Information</h2><p class=\"kb-moreinformation-section section\"><strong><span class=\"text-base\">Important\u00a0</span></strong><span>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. 
For more information, see </span><a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a><span>.</span></p><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"> <h3 class=\"sbody-h3\">Method 1: Windows Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <a href=\"https://www.microsoft.com/en-us/safety/pc-security/updates.aspx\" id=\"kb-link-13\" target=\"_self\">Windows Update: FAQ</a>. </div><h3 class=\"sbody-h3\">Method 2: Microsoft Update Catalog</h3><div class=\"kb-collapsible kb-collapsible-expanded\">To get the stand-alone package for this update, go to the <a href=\"http://catalog.update.microsoft.com/v7/site/search.aspx?q=4089694\" id=\"kb-link-14\" target=\"_self\">Microsoft Update Catalog</a> website. 
<br/></div></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></td></tr><tr><td faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-15\" target=\"_self\">Windows Update: FAQ</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-16\" target=\"_self\">TechNet Security Support and Troubleshooting</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-17\" target=\"_self\">Microsoft Secure</a><br/><br/>Local support according to your country: <a href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-18\" target=\"_self\">International Support</a></div><br/></span></td></tr></tbody></table><a class=\"bookmark\" id=\"fileinfo\"></a></div><h2>WES09 and POSReady 2009 file information</h2><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">File hash information</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>WindowsXP-KB4089694-x86-Embedded-ENU.exe</td><td>F0698BDBB2C0DBAF56D7C4071061046865EC3526</td><td>794C9E9B730527566004698179C27E14B182082A90F8BF3DBC4DD0CEDC08E305</td></tr></tbody></table></td></tr></tbody></table><p><br/><strong>File information</strong><br/><br/><br/><span>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. 
The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.</span></p><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x86-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td></tr><tr><td>Wzcsvc.dll</td><td>5.1.2600.7432</td><td>484,352</td><td>15-Feb-2018</td><td>00:16</td><td>x86</td></tr><tr><td>Updspapi.dll</td><td>6.3.13.0</td><td>382,840</td><td>16-May-2014</td><td>03:08</td><td>x86</td></tr></tbody></table></td></tr></tbody></table><p>\u00a0</p></body></html>", "edition": 2, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2018-03-13T00:00:00", "type": "mskb", "title": "Description of the security update for the Windows Wireless WPA pairwise encryption key reinstallation vulnerability in WES09 and POSReady 2009: March 13, 2018", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077"], "modified": "2018-03-13T17:08:45", "id": "KB4089694", "href": "https://support.microsoft.com/en-us/help/4089694/", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "hp": [{"lastseen": "2023-03-07T20:42:46", "description": "## Potential Security Impact\nPotential denial of service or escalation of privilege. \n\n**Source:** Intel \n\n**Reported By:** Intel \n\n## VULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with certain versions of Intel Active Management Technology, Management Engine Firmware, and Management Engine Software. \n\n * The Cumulative Security update and WPA2 vulnerability fix impacts ME versions 11.x, 10.x, 9.x, and 8.x. The Cumulative Security fix addresses vulnerabilities that could potentially place impacted platforms at risk.\n\n * The WPA2 fix addresses vulnerabilities associated with handling of WPA/WPA2 keys as part of a wireless network and will help prevent unauthorized access to the network. The Wi-Fi fix addresses potential denial-of-service attacks in wireless networks.\n\n> note:\n> \n> For the WPA2 vulnerability and the Intel ME firmware update, software driver fixes for WLAN devices are also needed. They are available via the following Security Bulletin: [HPSBHF03582 rev. 2 - KRACK Vulnerability Affecting WPA2 Wireless Security](<https://www.hp.com/support/en/docs/c05963224.html>). \n\n## RESOLUTION\nHP has provided updates for the Intel ME firmware. 
Impacted HP platforms are shown in the tables below.\n", "cvss3": {}, "published": "2017-11-22T00:00:00", "type": "hp", "title": "HPSBHF03571 rev. 6 - Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-13077"], "modified": "2018-09-28T00:00:00", "id": "HP:C05843704", "href": "https://support.hp.com/us-en/document/c05843704", "cvss": {"score": "2017", "vector": "CVE-2017-13078/"}}, {"lastseen": "2021-12-30T16:03:49", "description": "## Potential Security Impact\nRemote disclosure of information.\n\n**Source:** Mathy Vanhoef of imec-DistriNet, KU Leuven \n\n## VULNERABILITY SUMMARY\nA potential security vulnerability has been identified with certain HP Printers and MFPs, and HP JetDirect Networking accessories using WPA or WPA2. This vulnerability, known as Key Reinstallation Attacks or \u201cKRACK attacks\u201d, could potentially be exploited remotely to allow disclosure of information.\n\n## RESOLUTION\nHP has provided firmware updates for potentially impacted printers for the products listed in the table below. \n\nTo obtain the updated firmware, go to the HP Software site and search for your printer model. \n\n> note:\n> \n> Some FutureSmart printers have multiple firmware platforms\u2014FutureSmart 3 (FS3) and FutureSmart 4 (FS4). Select the appropriate firmware version for the required FutureSmart platform.\n\n> note:\n> \n> For firmware marked with *, please [contact HP](<https://support.hp.com/contact-hp>) support to obtain the firmware update. 
\n\nProduct Name\n\n| \n\nModel Number\n\n| \n\nFirmware Revision \n \n---|---|--- \n \nHP LaserJet Enterprise M506 (4-line display)\n\n| \n\nF2A68A, F2A69A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nHP LaserJet Enterprise M506 (4-line display)\n\n| \n\nF2A66A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nHP LaserJet Enterprise M506\n\n| \n\nF2A70A, F2A71A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nFS4: 2405135_000396 (or higher)* \n \nHP LaserJet Managed M506\n\n| \n\nF2A67A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nFS4: 2405135_000396 (or higher)* \n \nHP Color LaserJet Enterprise M551\n\n| \n\nCF081A, CF082A,CF083A\n\n| \n\nFS3: 2308937_578506 (or higher) \n \nHP Color LaserJet Enterprise M552\n\n| \n\nB5L23A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nHP Color LaserJet Enterprise M553 (4-line display)\n\n| \n\nB5L24A, B5L25A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nHP Color LaserJet Managed M553 series (4-line display)\n\n| \n\nB5L38A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nHP Color LaserJet Enterprise M553\n\n| \n\nB5L26A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nFS4: 2405135_000400 (or higher)* \n \nHP Color LaserJet Enterprise M553\n\n| \n\nB5L39A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nFS4: 2405135_000400 (or higher)* \n \nHP OfficeJet Enterprise Color X555\n\n| \n\nC2S11A, C2S11V, C2S12A, C2S12V, L1H45A\n\n| \n\nFS3: 2308937_578482 (or higher) \n \nFS4: 2405135_000398 (or higher) \n \nHP PageWide Enterprise Color 556\n\n| \n\nG1W46A, G1W46V, G1W47A, G1W47V, L3U44A\n\n| \n\nFS3: 2308937_578491 (or higher) \n \nFS4: 2405135_000394 (or higher) \n \nHP PageWide Managed Color E55650 series\n\n| \n\nL3U44A\n\n| \n\nFS3: 2308937_578491 (or higher) \n \nFS4: 2405135_000394 (or higher) \n \nHP LaserJet Enterprise M601\n\n| \n\nCE989A, CE990A\n\n| \n\nFS3: 2308937_578503 (or higher) \n \nHP LaserJet Enterprise M602 \n\n| \n\nCE991A, CE992A, CE993A\n\n| \n\nFS3: 2308937_578503 (or higher) \n \nHP LaserJet Enterprise M603 \n\n| 
\n\nCE994A, CE995A, CE996A\n\n| \n\nFS3: 2308937_578503 (or higher) \n \nHP LaserJet Enterprise M604 \n\n| \n\nE6B67A, E6B68A \n\n| \n\nFS3: 2308937_578490 (or higher) \n \nHP LaserJet Enterprise M605 (4-line display)\n\n| \n\nE6B69A, E6B70A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nHP LaserJet Enterprise M605 \n\n| \n\nE6B71A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nFS4: 2405135_000395 (or higher)* \n \nHP LaserJet Enterprise M606 (4-line display)\n\n| \n\nE6B72A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nHP LaserJet Enterprise M606 \n\n| \n\nE6B73A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nFS4: 2405135_000395 (or higher)* \n \nHP LaserJet Enterprise M607 \n\n| \n\nK0Q14A, K0Q15A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Enterprise M608 \n\n| \n\nK0Q17A, K0Q18A, M0P32A, K0Q19A \n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Enterprise M609\n\n| \n\nK0Q20A, K0Q21A, K0Q22A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Managed E60055 \n\n| \n\nM0P33A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Managed E60065 \n\n| \n\nM0P35A, M0P36A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Managed E60075 \n\n| \n\nM0P39A, M0P40A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP Color LaserJet Enterprise M651\n\n| \n\nCZ255A, CZ256A, CZ257A, CZ258A\n\n| \n\nFS3: 2308937_578497 (or higher) \n \nHP Color LaserJet Managed M651 series\n\n| \n\nH0DC9A, L8Z07A\n\n| \n\nFS3: 2308937_578497 (or higher) \n \nFS4: 2405135_000389 (or higher) \n \nHP Color LaserJet Enterprise M652\n\n| \n\nJ7Z98A, J7Z99A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP Color LaserJet Enterprise M653\n\n| \n\nJ8A04A, J8A05A, J8A06A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP Color LaserJet Managed E65050\n\n| \n\nL3U55A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP Color LaserJet Managed E65060\n\n| \n\nL3U56A, L3U57A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP LaserJet Enterprise M712\n\n| \n\nCF235A, CF236A, 
CF238A\n\n| \n\nFS3: 2308937_578504 (or higher) \n \nHP Color LaserJet Enterprise M750\n\n| \n\nD3L08A, D3L09A, D3L10A\n\n| \n\nFS3: 2308937_578501 (or higher) \n \nHP PageWide Enterprise Color 765\n\n| \n\nJ7Z04A\n\n| \n\nFS4: 2405347_024812 (or higher) \n \nHP PageWide Managed Color E75160\n\n| \n\nJ7Z06A\n\n| \n\nFS4: 2405347_024812 (or higher) \n \nHP LaserJet Enterprise M806 \n\n| \n\nCZ244A, CZ245A\n\n| \n\nFS3: 2308937_578500 (or higher) \n \nFS4: 2405135_000404 (or higher) \n \nHP Color LaserJet Enterprise M855\n\n| \n\nA2W77A, A2W78A, A2W79A, D7P73A\n\n| \n\nFS3: 2308937_578499 (or higher)) \n \nFS4: 2405135_000399 (or higher) \n \nHP LaserJet Enterprise MFP M525\n\n| \n\nCF116A, CF117A\n\n| \n\nFS3: 2308937_578493 (or higher) \n \nFS4: 2405135_000390 (or higher) \n \nHP LaserJet Enterprise flow MFP M525\n\n| \n\nCF118A\n\n| \n\nFS3: 2308937_578493 (or higher) \n \nFS4: 2405135_000390 (or higher) \n \nHP LaserJet Managed MFP M525 series\n\n| \n\nL3U59A , L3U60A\n\n| \n\nFS3: 2308937_578493 (or higher) \n \nFS4: 2405135_000390 (or higher) \n \nHP LaserJet Enterprise MFP M527\n\n| \n\nF2A76A, F2A77A, F2A81A\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Flow MFP M527\n\n| \n\nF2A78V\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Managed MFP M527\n\n| \n\nF2A79A\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Managed Flow MFP M527\n\n| \n\nF2A80A\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Color MFP M575\n\n| \n\nCD644A, CD645A\n\n| \n\nFS3: 2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP Color LaserJet 500 Color Flow MFP M575 series\n\n| \n\nCD646A\n\n| \n\nFS3: 2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP LaserJet Enterprise Managed MFP M575\n\n| \n\nL3U46A\n\n| \n\nFS3: 
2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP Color LaserJet Managed Flow MFP M575 series\n\n| \n\nL3U45A\n\n| \n\nFS3: 2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP Color LaserJet Enterprise MFP M577\n\n| \n\nB5L46A, B5L47A\n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M577\n\n| \n\nB5L48A, B5L54A \n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP Color LaserJet Managed MFP M577 series\n\n| \n\nB5L49A\n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP Color LaserJet Managed Flow MFP M577 series\n\n| \n\nB5L50A\n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP OfficeJet Enterprise Color MFP X585\n\n| \n\nB5L04A, B5L05A\n\n| \n\nFS3: 2308937_578483 (or higher) \n \nFS4: 2405135_000392 (or higher) \n \nHP OfficeJet Enterprise Color Flow MFP X585\n\n| \n\nB5L06A, B5L07A\n\n| \n\nFS3: 2308937_578483 (or higher) \n \nFS4: 2405135_000392 (or higher) \n \nHP OfficeJet Managed Color MFP X585\n\n| \n\nL3U40A, L3U41A\n\n| \n\nFS3: 2308937_578483 (or higher) \n \nFS4: 2405135_000392 (or higher) \n \nHP PageWide Enterprise Color MFP 586\n\n| \n\nG1W39A, G1W39V, G1W40A, G1W40V\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP PageWide Enterprise Color Flow MFP 586\n\n| \n\nG1W41A, G1W41V\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP PageWide Managed Color MFP E58650 series\n\n| \n\nL3U42A\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP PageWide Managed Color MFP Flow E58650 series\n\n| \n\nL3U43A\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP LaserJet Enterprise MFP M630\n\n| \n\nB3G85A, J7X28A, B3G84A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet 
Enterprise Flow MFP M630\n\n| \n\nP7Z47A, B3G86A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet Managed MFP M630\n\n| \n\nL3U61A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet Managed Flow MFP M630\n\n| \n\nL3U62A, P7Z48A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet Enterprise MFP M631\n\n| \n\nJ8J64A, J8J63A, J8J65A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Enterprise MFP M632\n\n| \n\nJ8J70A, J8J71A, J8J72A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Enterprise MFP M633\n\n| \n\nJ8J76A, J8J78A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed MFP E62555dn\n\n| \n\nJ8J66A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed Flow MFP E62555dn\n\n| \n\nJ8J67A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed MFP E62565hs\n\n| \n\nJ8J73A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed Flow MFP E62565h, z\n\n| \n\nJ8J74A, J8J79A \n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed Flow MFP E62575z\n\n| \n\nJ8J80A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP Color LaserJet Enterprise MFP M680\n\n| \n\nCZ248A, CZ249A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M680\n\n| \n\nCZ250A, CA251A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Managed MFP M680\n\n| \n\nL3U47A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Managed Flow MFP M680\n\n| \n\nL3U48A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Enterprise MFP M681\n\n| \n\nJ8A10A, J8A11A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M681f\n\n| \n\nJ8A12A, J8A13A\n\n| \n\nFS4: 2405135_000382 (or 
higher) \n \nHP Color LaserJet Enterprise Flow MFP M682\n\n| \n\nJ8A17A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Enterprise MFP M682\n\n| \n\nJ8A16A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed Flow MFP E67550\n\n| \n\nL3U67A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed Flow MFP E67560\n\n| \n\nL3U70A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed MFP E67550d\n\n| \n\nL3U66A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed MFP E67560d\n\n| \n\nL3U69A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP LaserJet Enterprise MFP M725\n\n| \n\nCF066A, CF067A, CF068A, CF069A\n\n| \n\nFS3: 2308937_578498 (or higher) \n \nFS4: 2405135_000401 (or higher) \n \nHP LaserJet Managed MFP 725 series\n\n| \n\nL3U63A, L3U64A\n\n| \n\nFS3: 2308937_578498 (or higher) \n \nFS4: 2405135_000401 (or higher) \n \nHP LaserJet Enterprise 700 color MFP M775 series\n\n| \n\nCC522A, CC523A, CC524A\n\n| \n\nFS3: 2308937_578505 (or higher) \n \nFS4: 2405135_000405 (or higher) \n \nHP Color LaserJet Managed MFP M775 series\n\n| \n\nL3U49A, L3U50A\n\n| \n\nFS3: 2308937_578505 (or higher) \n \nFS4: 2405135_000405 (or higher) \n \nHP PageWide Enterprise Color MFP 780\n\n| \n\nJ7Z10A, J7Z09A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Enterprise Color MFP 785\n\n| \n\nJ7Z11A, J7Z12A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color MFP E77650\n\n| \n\nJ7Z05A, J7Z08A, J7A13A, J7Z14A, Z5G79A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color Flow MFP E77650\n\n| \n\nJ7Z08A, J7Z14A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color Flow MFP E77660\n\n| \n\nZ5G77A, J7Z03A, J7Z07A, J7Z05A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color MFP E77650\n\n| \n\nJ7Z13A, Z5G79A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP LaserJet Enterprise Flow MFP M830z\n\n| \n\nCF367A, D7P68A\n\n| 
\n\nFS3: 2308937_578495 (or higher) \n \nFS4: 2405135_000402 (or higher) \n \nHP LaserJet Managed Flow MFP M830 series\n\n| \n\nL3U65A\n\n| \n\nFS3: 2308937_578495 (or higher) \n \nFS4: 2405135_000402 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M880\n\n| \n\nA2W76A, A2W75A, D7P70A, D7P71A, D7P68A\n\n| \n\nFS3: 2308937_578494 (or higher) \n \nFS4: 2405135_000397 (or higher) \n \nHP Color LaserJet Managed MFP M880 series\n\n| \n\nL3U51A, L3U52A, L3U65A\n\n| \n\nFS3: 2308937_578494 (or higher) \n \nFS4: 2405135_000397 (or higher) \n \nHP LaserJet Managed MFP E82540 series\n\n| \n\nX3A69A, X3A68A, Z8Z19A, Z8Z18A\n\n| \n\nFS4: 2405347_024815 (or higher) \n \nHP LaserJet Managed MFP E82550\n\n| \n\nX3A72A, X3A71A, Z8Z21A, Z8Z20A\n\n| \n\nFS4: 2405347_024815 (or higher) \n \nHP LaserJet Managed MFP E82560\n\n| \n\nX3A79A, Z8Z23A, Z8Z22A, X3A75A, X3A74A\n\n| \n\nFS4: 2405347_024815 (or higher) \n \nHP LaserJet Managed MFP E72525\n\n| \n\nX3A59A, X3A60A, Z8Z06A, Z8Z07A\n\n| \n\nFS4: 2405347_024821 (or higher) \n \nHP LaserJet Managed MFP E72530\n\n| \n\nX3A62A, X3A63, Z8Z09A, Z8Z08A\n\n| \n\nFS4: 2405347_024821 (or higher) \n \nHP LaserJet Managed MFP E72535\n\n| \n\nX3A65, X3A66A, Z8Z11A, Z8Z10A\n\n| \n\nFS4: 2405347_024821 (or higher) \n \nHP Color LaserJet Managed MFP E87640\n\n| \n\nX3A87A, X3A86A, Z8Z12A, Z8Z13A\n\n| \n\nFS4: 2405347_024814 (or higher) \n \nHP Color LaserJet Managed MFP E87650\n\n| \n\nX3A90A, X3A89A, Z8Z14A, Z8Z15A\n\n| \n\nFS4: 2405347_024814 (or higher) \n \nHP Color LaserJet Managed MFP E87660\n\n| \n\nX3A92A, X3A93A, Z8Z16A, Z8Z17A\n\n| \n\nFS4: 2405347_024814 (or higher) \n \nHP Color LaserJet Managed MFP E77822\n\n| \n\nX3A78A, X3A77A, Z8Z00A, Z8Z01A\n\n| \n\nFS4: 2405347_024820 (or higher) \n \nHP Color LaserJet Managed MFP E77825\n\n| \n\nX3A81A, X3A80A, Z8Z02A, Z8Z03A\n\n| \n\nFS4: 2405347_024820 (or higher) \n \nHP Color LaserJet Managed MFP E77830\n\n| \n\nX3A84A, X3A83A, Z8Z05A, Z8Z04A\n\n| \n\nFS4: 2405347_024820 (or higher) \n 
\nHP Digital Sender Flow 8500 fn1 Document Capture Workstation\n\n| \n\nL2717A\n\n| \n\nFS3: 2308937_578486 (or higher) \n \nHP Digital Sender Flow 8500 fn2 Document Capture Workstation\n\n| \n\nL2762A\n\n| \n\nFS4: 2405135_000408 (or higher) \n \nHP JetDirect 3000w\n\n| \n\nJ8030A\n\n| \n\nLocate firmware for print product \n \nHP JetDirect 2900nw\n\n| \n\nJ8031A\n\n| \n\nLocate firmware for print product \n \nHP DesignJet T730 36-in Printer\n\n| \n\nF9A29A, F9A29B\n\n| \n\n1840A (or higher) \n \nHP DesignJet T730 with Rugged Case\n\n| \n\nT5D66A\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 36-in Multifunction Printer\n\n| \n\nF9A30A, F9A30B\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 MFP with Rugged Case \n\n| \n\nT5D67A\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 MFP with armor case\n\n| \n\n1JL02A\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 24-in MFP Printer\n\n| \n\nF9A28A, F9A28B\n\n| \n\n1840A (or higher) \n \nHP DesignJet T120 24-in Printer\n\n| \n\nCQ891A, CQ891B\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T120 24-in 2018 ed. Printer\n\n| \n\nCQ891C\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 24-in Printer\n\n| \n\nCQ890A, CQ890B\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 24-in 2018 ed. Printer\n\n| \n\nCQ890C\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 36-in Printer \n\n| \n\nCQ893A, CQ893B\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 36-in 2018 ed. Printer\n\n| \n\nCQ893C\n\n| \n\n1809AR (or higher)\n", "cvss3": {}, "published": "2018-01-12T00:00:00", "type": "hp", "title": "HPSBPI03574 rev. 
2 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081"], "modified": "2020-08-19T00:00:00", "id": "HP:C05876244", "href": "https://support.hp.com/us-en/document/c05876244", "cvss": {"score": "6.8", "vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/"}}, {"lastseen": "2020-10-13T01:02:16", "description": "## Potential Security Impact\nKRACK Attacks \n\n## VULNERABILITY SUMMARY\nOn October 16, security researchers publicly announced vulnerabilities in the WiFi WPA2 standard. See the References section below for links to additional resources describing the KRACK Attacks WPA2 potential vulnerabilities in detail.\n\nThe HP printing devices and networking accessories listed below are susceptible to the applicable vulnerabilities (CVE) noted in the References section below. However, the vulnerabilities described in the CVEs can be mitigated for each of these devices and accessories as set forth in the Workarounds section below.\n\n * HP LaserJet Enterprise printers and multifunction printers\n\n * HP LaserJet Managed printers and multifunction printers\n\n * HP LaserJet Pro printers and multifunction printers\n\n * HP PageWide Enterprise printers and multifunction printers\n\n * HP PageWide Pro printers and multifunction printers\n\n * HP OfficeJet Enterprise series printers and multifunction printers\n\n * HP OfficeJet Pro printers and multifunction printers\n\n * HP Inkjet (DeskJet, Envy, PhotoSmart) printers and multifunction printers\n\n * HP DesignJet large format printers\n\n * HP JetDirect wireless print server accessories\n\n## RESOLUTION\nCustomers may mitigate risk for the identified vulnerabilities through one of the methods listed below. 
Devices vary in configuration procedures, so please refer to the product user guide for specific instructions.\n\n * Do not use unpatched clients to connect to the print device's Wi-Fi Direct network. The Wi-Fi Direct implementation itself is not impacted, but unpatched mobile devices could be subject to attack when connecting to Wi-Fi Direct.\n\n * Configure the wireless access point or printer to allow only WPA2-AES/CCMP mode, thus disabling WPA-TKIP.\n\n * Use only TLS-enabled protocols to communicate with the printer.\n\n * Turn off printer Wi-Fi and use Ethernet or USB instead.\n\n**What can you do?**\n\nSubscribe to HP real-time security information: All HP products use a common centralized Security Bulletin process managed by HP's Product Security Response Team (PSRT). Subscribe to HP Security Bulletins by following these steps:\n\n 1. Go to <http://www.hp.com/go/support>. \n\n 2. Click **Get software and drivers**. \n\n 3. Find your product.\n\n 4. Scroll to the bottom of the page and under **Other support resources**, click **Sign up for driver, support & security alerts**. \n\n 5. 
Follow the onscreen prompts to sign up for alerts.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2018-01-09T00:00:00", "type": "hp", "title": "HP Printing Security Advisory - KRACK Attacks Potential Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13081", "CVE-2017-13077"], "modified": "2018-01-09T00:00:00", "id": "HP:C05872536", "href": "https://support.hp.com/us-en/document/c05872536", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-28T14:19:52", "description": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise\nTransient Key (PTK) Temporal Key (TK) during the four-way handshake,\nallowing an attacker within radio range to replay, decrypt, or spoof\nframes.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", 
"baseScore": 6.8, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-10-16T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13077", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077"], "modified": "2017-10-16T00:00:00", "id": "UB:CVE-2017-13077", "href": "https://ubuntu.com/security/CVE-2017-13077", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-06-23T14:37:16", "description": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-10-17T02:29:00", "type": "debiancve", "title": "CVE-2017-13077", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077"], "modified": "2017-10-17T02:29:00", "id": "DEBIANCVE:CVE-2017-13077", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13077", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T13:46:24", "description": "wpa_supplicant is vulnerable to key reinstallation attack (KRACK). A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-01-15T09:19:52", "type": "veracode", "title": "Key Reinstallation Attack (KRACK)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077"], "modified": "2019-10-03T07:10:25", "id": 
"VERACODE:12637", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-12637/summary", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "apple": [{"lastseen": "2021-11-10T17:00:23", "description": "# About the security content of Wi-Fi Update for Boot Camp 6.4.0\n\nThis document describes the security content of Wi-Fi Update for Boot Camp 6.4.0.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Wi-Fi Update for Boot Camp 6.4.0\n\nReleased July 5, 2018\n\n**Wi-Fi**\n\nAvailable for the following machines while running Boot Camp: MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Late 2009 and later), and Mac Pro (Mid 2010 and later)\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n**Wi-Fi**\n\nAvailable for the following machines while running Boot Camp: MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Late 2009 and later), and Mac Pro (Mid 2010 and later)\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: July 05, 2018\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2018-07-05T00:00:00", "type": "apple", "title": "About the security content of Wi-Fi Update for Boot Camp 6.4.0", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080"], "modified": "2018-07-05T00:00:00", "id": "APPLE:B8F16B37FC64788E8894EE9818D392DA", "href": "https://support.apple.com/kb/HT208847", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:34", "description": "# About the security content of AirPort Base Station Firmware Update 7.6.9\n\nThis document describes the security content of AirPort Base Station Firmware Update 7.6.9.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## AirPort Base Station Firmware Update 7.6.9\n\nReleased December 12, 2017\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: December 12, 2017\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-12-12T00:00:00", "type": "apple", "title": "About the security content of AirPort Base Station Firmware Update 7.6.9", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080"], "modified": "2017-12-12T00:00:00", "id": "APPLE:718D8AEEB116992EF0FD8052E050FE9A", "href": "https://support.apple.com/kb/HT208258", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:08", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## AirPort Base Station Firmware Update 7.6.9\n\nReleased December 12, 2017\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-12-12T09:19:14", "title": "About the security content of AirPort Base Station Firmware Update 7.6.9 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13077"], "modified": "2017-12-12T09:19:14", "id": "APPLE:HT208258", "href": "https://support.apple.com/kb/HT208258", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:41:37", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Wi-Fi Update for Boot Camp 6.4.0\n\nReleased July 5, 2018\n\n**Wi-Fi**\n\nAvailable for the following machines while running Boot Camp: MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Late 2009 and later), and Mac Pro (Mid 2010 and later)\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n**Wi-Fi**\n\nAvailable for the following machines while running Boot Camp: MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Late 2009 and later), and Mac Pro (Mid 2010 and later)\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2018-07-05T10:02:49", "title": "About the security content of Wi-Fi Update for Boot Camp 6.4.0 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13077"], "modified": "2018-07-05T10:02:49", "id": "APPLE:HT208847", "href": "https://support.apple.com/kb/HT208847", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:10", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## AirPort Base Station Firmware Update 7.7.9\n\nReleased December 12, 2017\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac\n\nImpact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-9417: Nitay Artenstein of Exodus Intelligence\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T09:19:46", "title": "About the security content of AirPort Base Station Firmware Update 7.7.9 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-9417", "CVE-2017-13077"], "modified": "2017-12-12T09:19:46", "id": "APPLE:HT208354", "href": "https://support.apple.com/kb/HT208354", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:35", "description": "# About the security content of AirPort Base Station Firmware Update 7.7.9\n\nThis document describes the security content of AirPort Base Station Firmware Update 7.7.9.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## AirPort Base Station Firmware Update 7.7.9\n\nReleased December 12, 2017\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac\n\nImpact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-9417: Nitay Artenstein of Exodus Intelligence\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: December 12, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "apple", "title": "About the security content of AirPort Base Station Firmware Update 7.7.9", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-9417"], "modified": "2017-12-12T00:00:00", "id": "APPLE:076A5029E1D9073AD8A212C272CBA098", "href": "https://support.apple.com/kb/HT208354", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2021-11-10T17:00:39", "description": "# About the security content of watchOS 4.1\n\nThis document describes the security content of watchOS 4.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4.1\n\nReleased October 31, 2017\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted text file may lead to an unexpected application termination\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2017-13849: Ro of SavSec\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. 
This issue was addressed through rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017\n\n**StreamingZip**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious zip file may be able to modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**Wi-Fi**\n\n_No Apple Watch models were impacted by this vulnerability_\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and Apple Watch Series 2\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 11, 2017\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "apple", "title": "About the security content of watchOS 4.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13799", "CVE-2017-13804", "CVE-2017-13849", "CVE-2017-13852"], "modified": "2017-10-31T00:00:00", "id": "APPLE:CE1834F14896537612441EAFB62595C9", "href": "https://support.apple.com/kb/HT208220", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:19", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4.1\n\nReleased October 31, 2017\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted text file may lead to an unexpected application termination\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2017-13849: Ro of SavSec\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed through rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017\n\n**StreamingZip**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious zip file may be able modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. 
S.R.L.\n\n**Wi-Fi**\n\n_No Apple Watch models were impacted by this vulnerability_\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and Apple Watch Series 2\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-11T12:37:05", "title": "About the security content of watchOS 4.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13849", "CVE-2017-13799", "CVE-2017-13080", "CVE-2017-13852", "CVE-2017-13078", "CVE-2017-13804", "CVE-2017-13077"], "modified": "2017-11-11T12:37:05", "id": "APPLE:HT208220", "href": "https://support.apple.com/kb/HT208220", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:39", "description": "# About the security content of tvOS 11.1\n\nThis document describes the security content of tvOS 11.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11.1\n\nReleased October 31, 2017\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text file may lead to an unexpected application termination\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2017-13849: Ro of SavSec\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to learn information 
about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed through rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017\n\n**StreamingZip**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious zip file may be able modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13783: Ivan Fratric of Google Project Zero\n\nCVE-2017-13784: Ivan Fratric of Google Project Zero\n\nCVE-2017-13785: Ivan Fratric of Google Project Zero\n\nCVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2017-13791: Ivan Fratric of Google Project Zero\n\nCVE-2017-13792: Ivan Fratric of Google Project Zero\n\nCVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13794: Ivan Fratric of Google Project Zero\n\nCVE-2017-13795: Ivan Fratric of Google Project Zero\n\nCVE-2017-13796: Ivan Fratric of Google Project Zero\n\nCVE-2017-13797: Ivan Fratric of Google Project Zero\n\nCVE-2017-13798: Ivan Fratric of Google Project Zero\n\nCVE-2017-13802: Ivan Fratric of Google Project Zero\n\nCVE-2017-13803: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security\n\nEntry updated November 2, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K\n\nNot impacted: Apple TV (4th generation)\n\nImpact: An attacker in 
Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 11, 2017\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "apple", "title": "About the security content of tvOS 11.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13783", "CVE-2017-13784", "CVE-2017-13785", "CVE-2017-13788", "CVE-2017-13791", "CVE-2017-13792", "CVE-2017-13793", "CVE-2017-13794", "CVE-2017-13795", "CVE-2017-13796", "CVE-2017-13797", "CVE-2017-13798", "CVE-2017-13799", "CVE-2017-13802", "CVE-2017-13803", "CVE-2017-13804", "CVE-2017-13849", "CVE-2017-13852"], "modified": "2017-10-31T00:00:00", "id": "APPLE:31324259F2722EDCDF4BD19554187E7A", "href": "https://support.apple.com/kb/HT208219", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:42", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are 
available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11.1\n\nReleased October 31, 2017\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text file may lead to an unexpected application termination\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2017-13849: Ro of SavSec\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. 
This issue was addressed through rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017\n\n**StreamingZip**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious zip file may be able modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13783: Ivan Fratric of Google Project Zero\n\nCVE-2017-13784: Ivan Fratric of Google Project Zero\n\nCVE-2017-13785: Ivan Fratric of Google Project Zero\n\nCVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2017-13791: Ivan Fratric of Google Project Zero\n\nCVE-2017-13792: Ivan Fratric of Google Project Zero\n\nCVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13794: Ivan Fratric of Google Project Zero\n\nCVE-2017-13795: Ivan Fratric of Google Project Zero\n\nCVE-2017-13796: Ivan Fratric of Google Project Zero\n\nCVE-2017-13797: Ivan Fratric of Google Project Zero\n\nCVE-2017-13798: Ivan Fratric of Google Project Zero\n\nCVE-2017-13802: Ivan Fratric of Google Project Zero\n\nCVE-2017-13803: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security\n\nEntry updated November 2, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K\n\nNot impacted: Apple TV (4th generation)\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-11T12:32:32", "title": "About the security content of tvOS 11.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13797", "CVE-2017-13849", "CVE-2017-13792", "CVE-2017-13799", "CVE-2017-13080", "CVE-2017-13796", "CVE-2017-13852", "CVE-2017-13802", "CVE-2017-13078", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13804", "CVE-2017-13793", 
"CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13077", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "modified": "2017-11-11T12:32:32", "id": "APPLE:HT208219", "href": "https://support.apple.com/kb/HT208219", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:42", "description": "# About the security content of iOS 11.1\n\nThis document describes the security content of iOS 11.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11.1\n\nReleased October 31, 2017\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text file may lead to an unexpected application termination\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2017-13849: Ro of SavSec\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able 
to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed through rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to access photos from the lock screen\n\nDescription: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management.\n\nCVE-2017-13844: Miguel Alvarado of iDeviceHelp INC\n\n**Siri**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen\n\nDescription: An issue existed with Siri permissions. This was addressed with improved permission checking.\n\nCVE-2017-13805: Yi\u011fit Can YILMAZ (@yilmazcanyigit), Ayden Panhuyzen (madebyayden.co)\n\nEntry updated June 14, 2018\n\n**StreamingZip**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious zip file may be able modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. 
S.R.L.\n\n**UIKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Characters in a secure text field might be revealed\n\nDescription: The characters in a secure text field were revealed during focus change events. This issue was addressed through improved state management.\n\nCVE-2017-7113: an anonymous researcher, Duraiamuthan Harikrishnan of Tech Mahindra, Ricardo Sampayo of Bemo Ltd\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13783: Ivan Fratric of Google Project Zero\n\nCVE-2017-13784: Ivan Fratric of Google Project Zero\n\nCVE-2017-13785: Ivan Fratric of Google Project Zero\n\nCVE-2017-13791: Ivan Fratric of Google Project Zero\n\nCVE-2017-13792: Ivan Fratric of Google Project Zero\n\nCVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13794: Ivan Fratric of Google Project Zero\n\nCVE-2017-13795: Ivan Fratric of Google Project Zero\n\nCVE-2017-13796: Ivan Fratric of Google Project Zero\n\nCVE-2017-13797: Ivan Fratric of Google Project Zero\n\nCVE-2017-13798: Ivan Fratric of Google Project Zero\n\nCVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2017-13802: Ivan Fratric of Google Project Zero\n\nCVE-2017-13803: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security\n\nEntry updated December 21, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 8, iPhone 8 Plus, and iPhone X\n\nNot impacted: iPhone 7, iPhone 7 Plus, iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, iPad Air and later, and iPod Touch 6th generation\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the 
handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 15, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "apple", "title": "About the security content of iOS 11.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13783", "CVE-2017-13784", "CVE-2017-13785", "CVE-2017-13788", "CVE-2017-13791", "CVE-2017-13792", "CVE-2017-13793", "CVE-2017-13794", "CVE-2017-13795", "CVE-2017-13796", "CVE-2017-13797", "CVE-2017-13798", "CVE-2017-13799", "CVE-2017-13802", "CVE-2017-13803", "CVE-2017-13804", "CVE-2017-13805", "CVE-2017-13844", "CVE-2017-13849", "CVE-2017-13852", "CVE-2017-7113"], "modified": "2017-10-31T00:00:00", "id": "APPLE:FAC8B05FC20C773432450AA689A274D6", "href": "https://support.apple.com/kb/HT208222", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:15", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an 
investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11.1\n\nReleased October 31, 2017\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text file may lead to an unexpected application termination\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2017-13849: Ro of SavSec\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. 
This issue was addressed through rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to access photos from the lock screen\n\nDescription: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management.\n\nCVE-2017-13844: Miguel Alvarado of iDeviceHelp INC\n\n**Siri**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen\n\nDescription: An issue existed with Siri permissions. This was addressed with improved permission checking.\n\nCVE-2017-13805: Yi\u011fit Can YILMAZ (@yilmazcanyigit), Ayden Panhuyzen (madebyayden.co)\n\nEntry updated June 14, 2018\n\n**StreamingZip**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious zip file may be able to modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**UIKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Characters in a secure text field might be revealed\n\nDescription: The characters in a secure text field were revealed during focus change events. 
This issue was addressed through improved state management.\n\nCVE-2017-7113: an anonymous researcher, Duraiamuthan Harikrishnan of Tech Mahindra, Ricardo Sampayo of Bemo Ltd\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13783: Ivan Fratric of Google Project Zero\n\nCVE-2017-13784: Ivan Fratric of Google Project Zero\n\nCVE-2017-13785: Ivan Fratric of Google Project Zero\n\nCVE-2017-13791: Ivan Fratric of Google Project Zero\n\nCVE-2017-13792: Ivan Fratric of Google Project Zero\n\nCVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13794: Ivan Fratric of Google Project Zero\n\nCVE-2017-13795: Ivan Fratric of Google Project Zero\n\nCVE-2017-13796: Ivan Fratric of Google Project Zero\n\nCVE-2017-13797: Ivan Fratric of Google Project Zero\n\nCVE-2017-13798: Ivan Fratric of Google Project Zero\n\nCVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2017-13802: Ivan Fratric of Google Project Zero\n\nCVE-2017-13803: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security\n\nEntry updated December 21, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 8, iPhone 8 Plus, and iPhone X\n\nNot impacted: iPhone 7, iPhone 7 Plus, iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, iPad Air and later, and iPod Touch 6th generation\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-15T06:47:29", "title": "About the security content of iOS 11.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13797", "CVE-2017-13844", "CVE-2017-13849", "CVE-2017-13792", "CVE-2017-13799", "CVE-2017-13080", "CVE-2017-13796", "CVE-2017-13852", "CVE-2017-13805", "CVE-2017-7113", "CVE-2017-13802", "CVE-2017-13078", 
"CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13804", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13077", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "modified": "2018-06-15T06:47:29", "id": "APPLE:HT208222", "href": "https://support.apple.com/kb/HT208222", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:39", "description": "# About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan\n\nThis document describes the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan\n\nReleased October 31, 2017\n\n**apache**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Apache\n\nDescription: Multiple issues were addressed by updating to version 2.4.27.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nCVE-2017-3167\n\nCVE-2017-3169\n\nCVE-2017-7659\n\nCVE-2017-7668\n\nCVE-2017-7679\n\nCVE-2017-9788\n\nCVE-2017-9789\n\nEntry updated November 14, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data\n\nDescription: An issue existed in the handling of DMA. 
This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.\n\nCVE-2017-13786: Dmytro Oleksiuk\n\nEntry updated November 10, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum\n\n**AppleScript**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13809: bat0s\n\nEntry updated November 10, 2017\n\n**ATS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13820: John Villamil, Doyensec\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\nEntry updated January 22, 2019\n\n**CFNetwork**\n\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFString**\n\nAvailable 
for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**CoreText**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000100: Even Rouault, found by OSS-Fuzz\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000101: Brian Carpenter, Yongji Ouyang\n\n**Dictionary Widget**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Searching pasted text in the Dictionary widget may lead to compromise of user information\n\nDescription: A validation issue existed which allowed local file access. 
This was addressed with input sanitization.\n\nCVE-2017-13801: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**file**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry updated October 18, 2018\n\n**Fonts**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry updated November 10, 2017\n\n**fsck_msdos**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13811: V.E.O. (@VYSEa) of Mobile Advanced Threat Team of Trend Micro\n\nEntry updated November 2, 2017\n\n**HFS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\n**Heimdal**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. 
This issue was addressed with improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\nEntry updated January 22, 2019\n\n**HelpViewer**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A quarantined HTML file may execute arbitrary JavaScript cross-origin\n\nDescription: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file.\n\nCVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure\n\nEntry updated November 10, 2017\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry updated April 3, 2019\n\n**IOAcceleratorFamily**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13906\n\nEntry added October 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A permissions issue existed in kernel packet counters. 
This issue was addressed with improved permission validation.\n\nCVE-2017-13810: Zhiyun Qian of University of California, Riverside\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd.\n\nEntry updated June 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: 
macOS High Sierra 10.13\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed with rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nEntry updated November 16, 2018, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. 
These issues were addressed with improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2016-4736: Proteas of Qihoo 360 Nirvan Team\n\nEntry updated December 21, 2017\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2017-5969: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 
10.13\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added November 16, 2018\n\n**Login Window**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: The screen lock may unexpectedly remain unlocked\n\nDescription: A state management issue was addressed with improved state validation.\n\nCVE-2017-13907: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Open Scripting Architecture**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13824: an anonymous researcher\n\n**PCRE**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.40.\n\nCVE-2017-13846\n\n**Postfix**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Postfix\n\nDescription: Multiple issues were addressed by updating to version 3.2.2.\n\nCVE-2017-10140: an anonymous researcher\n\nEntry updated November 17, 2017\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A 
memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated January 22, 2019\n\n**QuickTime**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13823: Xiangkun Jia of Institute of Software Chinese Academy of Sciences\n\nEntry updated November 10, 2017\n\n**Remote Management**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13808: an anonymous researcher\n\n**Sandbox**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13838: Alastair Houghton\n\nEntry updated November 10, 2017\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2017-7170: Patrick Wardle of Synack\n\nEntry added January 11, 2018\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious application can extract keychain passwords\n\nDescription: A method existed for applications to bypass the keychain access prompt with a synthetic click. 
This was addressed by requiring the user password when prompting for keychain access.\n\nCVE-2017-7150: Patrick Wardle of Synack\n\nEntry added November 17, 2017\n\n**SMB**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: A local attacker may be able to execute non-executable text files via an SMB share\n\nDescription: An issue in handling file permissions was addressed with improved validation.\n\nCVE-2017-13908: an anonymous researcher\n\nEntry added October 18, 2018\n\n**StreamingZip**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious zip file may be able to modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**tcpdump**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: Multiple issues in tcpdump\n\nDescription: Multiple issues were addressed by updating to version 
4.9.2.\n\nCVE-2017-11108\n\nCVE-2017-11541\n\nCVE-2017-11542\n\nCVE-2017-11543\n\nCVE-2017-12893\n\nCVE-2017-12894\n\nCVE-2017-12895\n\nCVE-2017-12896\n\nCVE-2017-12897\n\nCVE-2017-12898\n\nCVE-2017-12899\n\nCVE-2017-12900\n\nCVE-2017-12901\n\nCVE-2017-12902\n\nCVE-2017-12985\n\nCVE-2017-12986\n\nCVE-2017-12987\n\nCVE-2017-12988\n\nCVE-2017-12989\n\nCVE-2017-12990\n\nCVE-2017-12991\n\nCVE-2017-12992\n\nCVE-2017-12993\n\nCVE-2017-12994\n\nCVE-2017-12995\n\nCVE-2017-12996\n\nCVE-2017-12997\n\nCVE-2017-12998\n\nCVE-2017-12999\n\nCVE-2017-13000\n\nCVE-2017-13001\n\nCVE-2017-13002\n\nCVE-2017-13003\n\nCVE-2017-13004\n\nCVE-2017-13005\n\nCVE-2017-13006\n\nCVE-2017-13007\n\nCVE-2017-13008\n\nCVE-2017-13009\n\nCVE-2017-13010\n\nCVE-2017-13011\n\nCVE-2017-13012\n\nCVE-2017-13013\n\nCVE-2017-13014\n\nCVE-2017-13015\n\nCVE-2017-13016\n\nCVE-2017-13017\n\nCVE-2017-13018\n\nCVE-2017-13019\n\nCVE-2017-13020\n\nCVE-2017-13021\n\nCVE-2017-13022\n\nCVE-2017-13023\n\nCVE-2017-13024\n\nCVE-2017-13025\n\nCVE-2017-13026\n\nCVE-2017-13027\n\nCVE-2017-13028\n\nCVE-2017-13029\n\nCVE-2017-13030\n\nCVE-2017-13031\n\nCVE-2017-13032\n\nCVE-2017-13033\n\nCVE-2017-13034\n\nCVE-2017-13035\n\nCVE-2017-13036\n\nCVE-2017-13037\n\nCVE-2017-13038\n\nCVE-2017-13039\n\nCVE-2017-13040\n\nCVE-2017-13041\n\nCVE-2017-13042\n\nCVE-2017-13043\n\nCVE-2017-13044\n\nCVE-2017-13045\n\nCVE-2017-13046\n\nCVE-2017-13047\n\nCVE-2017-13048\n\nCVE-2017-13049\n\nCVE-2017-13050\n\nCVE-2017-13051\n\nCVE-2017-13052\n\nCVE-2017-13053\n\nCVE-2017-13054\n\nCVE-2017-13055\n\nCVE-2017-13687\n\nCVE-2017-13688\n\nCVE-2017-13689\n\nCVE-2017-13690\n\nCVE-2017-13725\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: April 03, 2019\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "apple", "title": "About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0736", "CVE-2016-2161", "CVE-2016-4736", "CVE-2016-5387", "CVE-2016-8740", "CVE-2016-8743", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-10140", "CVE-2017-11103", "CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", 
"CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725", "CVE-2017-13782", "CVE-2017-13786", "CVE-2017-13799", "CVE-2017-13800", "CVE-2017-13801", "CVE-2017-13804", "CVE-2017-13807", "CVE-2017-13808", "CVE-2017-13809", "CVE-2017-13810", "CVE-2017-13811", "CVE-2017-13812", "CVE-2017-13813", "CVE-2017-13814", "CVE-2017-13815", "CVE-2017-13817", "CVE-2017-13818", "CVE-2017-13819", "CVE-2017-13820", "CVE-2017-13821", "CVE-2017-13822", "CVE-2017-13823", "CVE-2017-13824", "CVE-2017-13825", "CVE-2017-13828", "CVE-2017-13829", "CVE-2017-13830", "CVE-2017-13831", "CVE-2017-13833", "CVE-2017-13834", "CVE-2017-13836", "CVE-2017-13838", "CVE-2017-13840", "CVE-2017-13841", "CVE-2017-13842", "CVE-2017-13843", "CVE-2017-13846", "CVE-2017-13852", "CVE-2017-13906", "CVE-2017-13907", "CVE-2017-13908", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-5130", "CVE-2017-5969", "CVE-2017-7132", "CVE-2017-7150", 
"CVE-2017-7170", "CVE-2017-7376", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9049", "CVE-2017-9050", "CVE-2017-9788", "CVE-2017-9789", "CVE-2018-4390", "CVE-2018-4391"], "modified": "2017-10-31T00:00:00", "id": "APPLE:0627AF17A33B956DE48ACE757A30BFB9", "href": "https://support.apple.com/kb/HT208221", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:00", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan\n\nReleased October 31, 2017\n\n**apache**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Apache\n\nDescription: Multiple issues were addressed by updating to version 2.4.27.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nCVE-2017-3167\n\nCVE-2017-3169\n\nCVE-2017-7659\n\nCVE-2017-7668\n\nCVE-2017-7679\n\nCVE-2017-9788\n\nCVE-2017-9789\n\nEntry updated November 14, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data\n\nDescription: An issue existed in the handling of DMA. 
This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.\n\nCVE-2017-13786: Dmytro Oleksiuk\n\nEntry updated November 10, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum\n\n**AppleScript**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13809: bat0s\n\nEntry updated November 10, 2017\n\n**ATS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13820: John Villamil, Doyensec\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\nEntry updated January 22, 2019\n\n**CFNetwork**\n\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFString**\n\nAvailable 
for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**CoreText**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000100: Even Rouault, found by OSS-Fuzz\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000101: Brian Carpenter, Yongji Ouyang\n\n**Dictionary Widget**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Searching pasted text in the Dictionary widget may lead to compromise of user information\n\nDescription: A validation issue existed which allowed local file access. 
This was addressed with input sanitization.\n\nCVE-2017-13801: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**file**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry updated October 18, 2018\n\n**Fonts**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry updated November 10, 2017\n\n**fsck_msdos**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13811: V.E.O. (@VYSEa) of Mobile Advanced Threat Team of Trend Micro\n\nEntry updated November 2, 2017\n\n**HFS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\n**Heimdal**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. 
This issue was addressed with improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\nEntry updated January 22, 2019\n\n**HelpViewer**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A quarantined HTML file may execute arbitrary JavaScript cross-origin\n\nDescription: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file.\n\nCVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure\n\nEntry updated November 10, 2017\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry updated April 3, 2019\n\n**IOAcceleratorFamily**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13906\n\nEntry added October 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A permissions issue existed in kernel packet counters. 
This issue was addressed with improved permission validation.\n\nCVE-2017-13810: Zhiyun Qian of University of California, Riverside\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd.\n\nEntry updated June 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: 
macOS High Sierra 10.13\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed with rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nEntry updated November 16, 2018, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. 
These issues were addressed with improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2016-4736: Proteas of Qihoo 360 Nirvan Team\n\nEntry updated December 21, 2017\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2017-5969: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 
10.13\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added November 16, 2018\n\n**Login Window**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: The screen lock may unexpectedly remain unlocked\n\nDescription: A state management issue was addressed with improved state validation.\n\nCVE-2017-13907: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Open Scripting Architecture**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13824: an anonymous researcher\n\n**PCRE**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.40.\n\nCVE-2017-13846\n\n**Postfix**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Postfix\n\nDescription: Multiple issues were addressed by updating to version 3.2.2.\n\nCVE-2017-10140: an anonymous researcher\n\nEntry updated November 17, 2017\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A 
memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated January 22, 2019\n\n**QuickTime**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13823: Xiangkun Jia of Institute of Software Chinese Academy of Sciences\n\nEntry updated November 10, 2017\n\n**Remote Management**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13808: an anonymous researcher\n\n**Sandbox**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13838: Alastair Houghton\n\nEntry updated November 10, 2017\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2017-7170: Patrick Wardle of Synack\n\nEntry added January 11, 2018\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious application can extract keychain passwords\n\nDescription: A method existed for applications to bypass the keychain access prompt with a synthetic click. 
This was addressed by requiring the user password when prompting for keychain access.\n\nCVE-2017-7150: Patrick Wardle of Synack\n\nEntry added November 17, 2017\n\n**SMB**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: A local attacker may be able to execute non-executable text files via an SMB share\n\nDescription: An issue in handling file permissions was addressed with improved validation.\n\nCVE-2017-13908: an anonymous researcher\n\nEntry added October 18, 2018\n\n**StreamingZip**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious zip file may be able to modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**tcpdump**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: Multiple issues in tcpdump\n\nDescription: Multiple issues were addressed by updating to version 
4.9.2.\n\nCVE-2017-11108\n\nCVE-2017-11541\n\nCVE-2017-11542\n\nCVE-2017-11543\n\nCVE-2017-12893\n\nCVE-2017-12894\n\nCVE-2017-12895\n\nCVE-2017-12896\n\nCVE-2017-12897\n\nCVE-2017-12898\n\nCVE-2017-12899\n\nCVE-2017-12900\n\nCVE-2017-12901\n\nCVE-2017-12902\n\nCVE-2017-12985\n\nCVE-2017-12986\n\nCVE-2017-12987\n\nCVE-2017-12988\n\nCVE-2017-12989\n\nCVE-2017-12990\n\nCVE-2017-12991\n\nCVE-2017-12992\n\nCVE-2017-12993\n\nCVE-2017-12994\n\nCVE-2017-12995\n\nCVE-2017-12996\n\nCVE-2017-12997\n\nCVE-2017-12998\n\nCVE-2017-12999\n\nCVE-2017-13000\n\nCVE-2017-13001\n\nCVE-2017-13002\n\nCVE-2017-13003\n\nCVE-2017-13004\n\nCVE-2017-13005\n\nCVE-2017-13006\n\nCVE-2017-13007\n\nCVE-2017-13008\n\nCVE-2017-13009\n\nCVE-2017-13010\n\nCVE-2017-13011\n\nCVE-2017-13012\n\nCVE-2017-13013\n\nCVE-2017-13014\n\nCVE-2017-13015\n\nCVE-2017-13016\n\nCVE-2017-13017\n\nCVE-2017-13018\n\nCVE-2017-13019\n\nCVE-2017-13020\n\nCVE-2017-13021\n\nCVE-2017-13022\n\nCVE-2017-13023\n\nCVE-2017-13024\n\nCVE-2017-13025\n\nCVE-2017-13026\n\nCVE-2017-13027\n\nCVE-2017-13028\n\nCVE-2017-13029\n\nCVE-2017-13030\n\nCVE-2017-13031\n\nCVE-2017-13032\n\nCVE-2017-13033\n\nCVE-2017-13034\n\nCVE-2017-13035\n\nCVE-2017-13036\n\nCVE-2017-13037\n\nCVE-2017-13038\n\nCVE-2017-13039\n\nCVE-2017-13040\n\nCVE-2017-13041\n\nCVE-2017-13042\n\nCVE-2017-13043\n\nCVE-2017-13044\n\nCVE-2017-13045\n\nCVE-2017-13046\n\nCVE-2017-13047\n\nCVE-2017-13048\n\nCVE-2017-13049\n\nCVE-2017-13050\n\nCVE-2017-13051\n\nCVE-2017-13052\n\nCVE-2017-13053\n\nCVE-2017-13054\n\nCVE-2017-13055\n\nCVE-2017-13687\n\nCVE-2017-13688\n\nCVE-2017-13689\n\nCVE-2017-13690\n\nCVE-2017-13725\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-03T09:42:09", "title": "About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-13786", "CVE-2017-13810", 
"CVE-2017-12986", "CVE-2017-13036", "CVE-2018-4390", "CVE-2017-13031", "CVE-2017-12896", "CVE-2016-2161", "CVE-2017-12893", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-13799", "CVE-2017-13840", "CVE-2017-12998", "CVE-2017-13080", "CVE-2017-13006", "CVE-2017-13843", "CVE-2017-11543", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13809", "CVE-2017-13017", "CVE-2017-13687", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-3167", "CVE-2017-13035", "CVE-2017-13823", "CVE-2017-13689", "CVE-2016-8743", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13822", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-11103", "CVE-2017-13906", "CVE-2017-13852", "CVE-2017-13022", "CVE-2017-13846", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-7132", "CVE-2017-5969", "CVE-2017-13907", "CVE-2017-13908", "CVE-2017-11108", "CVE-2017-13811", "CVE-2017-13815", "CVE-2017-13054", "CVE-2017-13800", "CVE-2017-13688", "CVE-2017-9049", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-13078", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-13808", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-13813", "CVE-2017-13831", "CVE-2018-4391", "CVE-2017-12993", "CVE-2017-7376", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-13833", "CVE-2017-11542", "CVE-2017-13804", "CVE-2017-13812", "CVE-2017-13824", "CVE-2017-13028", "CVE-2017-1000101", "CVE-2016-4736", "CVE-2017-11541", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13829", "CVE-2017-13828", "CVE-2017-13015", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-13838", "CVE-2017-13818", "CVE-2017-12999", "CVE-2017-12899", "CVE-2016-8740", "CVE-2017-10140", "CVE-2017-13841", "CVE-2017-9788", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2016-5387", "CVE-2017-13011", 
"CVE-2017-13042", "CVE-2017-1000100", "CVE-2017-13003", "CVE-2017-9789", "CVE-2017-13047", "CVE-2017-13782", "CVE-2017-13807", "CVE-2017-13012", "CVE-2017-7170", "CVE-2017-7668", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13033", "CVE-2017-13817", "CVE-2017-13009", "CVE-2017-3169", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-13077", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-7659", "CVE-2017-13023", "CVE-2017-7150", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-13825", "CVE-2017-13801", "CVE-2017-13842", "CVE-2016-0736", "CVE-2017-5130", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-12898", "CVE-2017-13045", "CVE-2017-7679", "CVE-2017-9050", "CVE-2017-13034"], "modified": "2019-04-03T09:42:09", "id": "APPLE:HT208221", "href": "https://support.apple.com/kb/HT208221", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:36", "description": "WPA2 as used in Intel Active Management Technology is prone to multiple security weaknesses aka Key Reinstallation Attacks (KRACK)", "cvss3": {}, "published": "2017-10-19T00:00:00", "type": "openvas", "title": "Intel Active Management Technology WPA2 Key Reinstallation Vulnerabilities - KRACK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13077"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310107191", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107191", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_intel_amt_wpa2_krack.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Intel Active Management Technology WPA2 Key Reinstallation Vulnerabilities - KRACK\n#\n# Authors:\n# Tameem Eissa <tameem.eissa@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This 
program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:intel:active_management_technology\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107191\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-19 13:48:56 +0700 (Thu, 19 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n\n script_name(\"Intel Active Management Technology WPA2 Key Reinstallation Vulnerabilities - KRACK\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_intel_amt_webui_detect.nasl\");\n script_mandatory_keys(\"intel_amt/installed\");\n\n script_tag(name:\"summary\", value:\"WPA2 as used in Intel Active Management Technology is prone to multiple security 
weaknesses aka Key Reinstallation Attacks (KRACK)\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Intel AMT firmware versions 2.5.x, 2.6, 4.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.0-11.8.\");\n\n script_tag(name:\"solution\", value:\"Intel is targeting an updated firmware release to System Manufacturers in early November 2017 to address the identified WPA2 vulnerabilities.\n Please contact System Manufacturers to ascertain availability of the updated firmware for their impacted systems.\n Until the firmware update is deployed, configuring Active Management Technology in TLS Mode to encrypt manageability\n network traffic is considered a reasonable mitigation for remote network man-in-the-middle or eavesdropping attacks.\");\n\n script_xref(name:\"URL\", value:\"https://www.intel.com/content/www/us/en/software/setup-configuration-software.html\");\n script_xref(name:\"URL\", value:\"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less(version: version, test_version: \"8\"))\n{\n report = report_fixed_ver(installed_version: version, fixed_version: \"None Available\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version =~ \"^(8(\\.[0-9]+)?|9(\\.[0-9]+)?|10(\\.[0-9]+)?)\" || version_in_range(version: version, test_version: \"11.0\", test_version2: \"11.8\"))\n{\n report = report_fixed_ver(installed_version: version, fixed_version: \"See Vendor\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:23", "description": "The remote host is missing an update for the ", 
"cvss3": {}, "published": "2017-10-20T00:00:00", "type": "openvas", "title": "RedHat Update for wpa_supplicant RHSA-2017:2911-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13077", "CVE-2017-13087"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310812044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2911-01_wpa_supplicant.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for wpa_supplicant RHSA-2017:2911-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812044\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-20 08:40:27 +0200 (Fri, 20 Oct 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13087\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for wpa_supplicant RHSA-2017:2911-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa_supplicant'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The wpa_supplicant packages contain an 802.1X\nSupplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP\nauthentication methods. They implement key negotiation with a WPA Authenticator for\nclient stations and controls the roaming and IEEE 802.11 authentication and\nassociation of the WLAN driver.\n\nSecurity Fix(es):\n\n * A new exploitation technique called key reinstallation attacks (KRACK)\naffecting WPA2 has been discovered. A remote attacker within Wi-Fi range\ncould exploit these attacks to decrypt Wi-Fi traffic or possibly inject\nforged Wi-Fi packets by manipulating cryptographic handshakes used by the\nWPA2 protocol. 
(CVE-2017-13077, CVE-2017-13078, CVE-2017-13080,\nCVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original reporter\nof these issues.\");\n script_tag(name:\"affected\", value:\"wpa_supplicant on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2911-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00021.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~0.7.3~9.el6_9.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant-debuginfo\", rpm:\"wpa_supplicant-debuginfo~0.7.3~9.el6_9.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:14", "description": "Check the version of wpa_supplicant", "cvss3": {}, "published": "2017-10-20T00:00:00", "type": "openvas", "title": "CentOS Update for wpa_supplicant CESA-2017:2911 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13080", 
"CVE-2017-13078", "CVE-2017-13077", "CVE-2017-13087"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2911_wpa_supplicant_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for wpa_supplicant CESA-2017:2911 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882788\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-20 08:41:10 +0200 (Fri, 20 Oct 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13087\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for wpa_supplicant CESA-2017:2911 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of wpa_supplicant\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The wpa_supplicant packages contain an 802.1X\nSupplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP\nauthentication methods. They implement key negotiation with a WPA Authenticator for\nclient stations and controls the roaming and IEEE 802.11 authentication and\nassociation of the WLAN driver.\n\nSecurity Fix(es):\n\n * A new exploitation technique called key reinstallation attacks (KRACK)\naffecting WPA2 has been discovered. A remote attacker within Wi-Fi range\ncould exploit these attacks to decrypt Wi-Fi traffic or possibly inject\nforged Wi-Fi packets by manipulating cryptographic handshakes used by the\nWPA2 protocol. 
(CVE-2017-13077, CVE-2017-13078, CVE-2017-13080,\nCVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original reporter\nof these issues.\");\n script_tag(name:\"affected\", value:\"wpa_supplicant on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2911\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022570.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~0.7.3~9.el6_9.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:54", "description": "Cisco Wireless IP Phone 8821 is prone to key reinstallation attacks against\nWPA protocol.", "cvss3": {}, "published": "2017-10-17T00:00:00", "type": "openvas", "title": "Cisco Wireless IP Phone 8821 Multiple WPA2 Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13081", "CVE-2017-13077"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310140432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140432", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ip_phone_8821_cisco-sa-20171016-wpa.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco Wireless IP Phone 8821 Multiple WPA2 Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140432\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-17 09:02:23 +0700 (Tue, 17 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cisco Wireless IP Phone 8821 Multiple WPA2 Vulnerabilities\");\n\n 
script_category(ACT_GATHER_INFO);\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CISCO\");\n script_dependencies(\"gb_cisco_ip_phone_detect.nasl\");\n script_mandatory_keys(\"cisco/ip_phone/model\");\n\n script_tag(name:\"summary\", value:\"Cisco Wireless IP Phone 8821 is prone to key reinstallation attacks against\nWPA protocol.\");\n\n script_tag(name:\"insight\", value:\"On October 16th, 2017, a research paper with the title of 'Key\nReinstallation Attacks: Forcing Nonce Reuse in WPA2' was made publicly available. This paper discusses seven\nvulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected\nAccess II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a\ngroup key, or an integrity key on either a wireless client or a wireless access point. Additional research also\nled to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless\nsupplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless\nNetwork Management) standard. 
The three additional vulnerabilities could also allow the reinstallation of a\npairwise key, group key, or integrity group key.\");\n\n script_tag(name:\"impact\", value:\"An attacker within the wireless communications range of an affected AP and\nclient may leverage packet decryption and injection, TCP connection hijacking, HTTP content injection, or the\nreplay of unicast, broadcast, and multicast frames.\");\n\n script_tag(name:\"solution\", value:\"Update to version 11.0(3)SR5 or later.\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif (!model = get_kb_item(\"cisco/ip_phone/model\"))\n exit(0);\n\nif (model =~ \"^CP-8821\") {\n if (!version = get_kb_item(\"cisco/ip_phone/version\"))\n exit(0);\n\n version = eregmatch(pattern: \"sip8821\\.([0-9SR-]+)\", string: version);\n\n if (!isnull(version[1])) {\n version = ereg_replace(string: version[1], pattern: \"-\", replace: \".\");\n if (version_is_less(version: version, test_version: \"11.0.3SR5\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"11.0.3SR5\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:22:48", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-11-02T00:00:00", "type": "openvas", "title": "Apple MacOSX Multiple Vulnerabilities HT208221", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13804", "CVE-2017-1000101", "CVE-2017-1000100", "CVE-2017-13077", "CVE-2017-13801"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310811959", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811959", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple MacOSX Multiple Vulnerabilities HT208221\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811959\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2017-1000101\", \"CVE-2017-13801\",\n \"CVE-2017-13804\", \"CVE-2017-13077\", \"CVE-2017-13078\",\n \"CVE-2017-13080\");\n script_bugtraq_id(100249, 101274);\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 12:40:42 +0530 (Thu, 02 Nov 2017)\");\n script_name(\"Apple MacOSX Multiple Vulnerabilities HT208221\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target 
host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A logic issue existed in the handling of state transitions.\n\n - A path handling issue.\n\n - A validation issue existed which allowed local file access.\n\n - An out-of-bounds read.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code with system privileges and disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.13, 10.12.x\n through 10.12.6, 10.11.x through 10.11.6\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.13.1 or apply the appropriate patch.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208221\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.1[1-3]\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.1[1-3]\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\n# if 10.11.x before 10.11.6 is running, update to 10.11.6 first and then apply patch\n# if 10.12.x before 10.12.6 is running, update to 10.12.6 first and then apply patch\nif(osVer =~ \"^10\\.1[12]\")\n{\n if(version_in_range(version:osVer, test_version:\"10.11\", test_version2:\"10.11.5\") ||\n version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.11.6\" || osVer == \"10.12.6\")\n {\n 
buildVer = get_kb_item(\"ssh/login/osx_build\");\n # applying patch on 10.11.6 will upgrade build version to 15G17023\n # http://www.insanelymac.com/forum/topic/306535-nvidia-web-driver-updates-for-el-capitan-update-07212017/page-35\n # applying patch on 10.12.6 will upgrade build version to 16G1036\n # http://www.xlr8yourmac.com/index.html#MacNvidiaDriverUpdates\n if(buildVer)\n {\n if((osVer == \"10.11.6\" && version_is_less(version:buildVer, test_version:\"15G17023\")) ||\n (osVer == \"10.12.6\" && version_is_less(version:buildVer, test_version:\"16G1036\")))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n }\n}\n\nelse if(osVer == \"10.13\"){\n fix = \"10.13.1\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:24", "description": "Check the version of wpa_supplicant", "cvss3": {}, "published": "2017-10-18T00:00:00", "type": "openvas", "title": "CentOS Update for wpa_supplicant CESA-2017:2907 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882787", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882787", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2907_wpa_supplicant_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for wpa_supplicant CESA-2017:2907 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the 
GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882787\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-18 16:53:28 +0200 (Wed, 18 Oct 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13082\",\n \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for wpa_supplicant CESA-2017:2907 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of wpa_supplicant\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The wpa_supplicant packages contain an\n802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and\nvarious EAP authentication methods. 
They implement key negotiation with a WPA\nAuthenticator for client stations and controls the roaming and IEEE 802.11\nauthentication and association of the WLAN driver.\n\nSecurity Fix(es):\n\n * A new exploitation technique called key reinstallation attacks (KRACK)\naffecting WPA2 has been discovered. A remote attacker within Wi-Fi range\ncould exploit these attacks to decrypt Wi-Fi traffic or possibly inject\nforged Wi-Fi packets by manipulating cryptographic handshakes used by the\nWPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080,\nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original reporter\nof these issues.\");\n script_tag(name:\"affected\", value:\"wpa_supplicant on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2907\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022569.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~5.el7_4.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:16", "description": 
"The remote host is missing an update for the 'wpa_supplicant' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2017-10-18T00:00:00", "type": "openvas", "title": "RedHat Update for wpa_supplicant RHSA-2017:2907-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310812042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812042", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2907-01_wpa_supplicant.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for wpa_supplicant RHSA-2017:2907-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812042\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-18 16:52:51 +0200 (Wed, 18 Oct 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\", \"CVE-2017-13082\",\n \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for wpa_supplicant RHSA-2017:2907-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa_supplicant'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The wpa_supplicant packages contain an 802.1X\n Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP\n authentication methods. They implement key negotiation with a WPA Authenticator\n for client stations and controls the roaming and IEEE 802.11 authentication and\n association of the WLAN driver.\n\nSecurity Fix(es):\n\n * A new exploitation technique called key reinstallation attacks (KRACK)\naffecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range\ncould exploit these attacks to decrypt Wi-Fi traffic or possibly inject\nforged Wi-Fi packets by manipulating cryptographic handshakes used by the\nWPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080,\nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original reporter\nof these issues.\");\n script_tag(name:\"affected\", value:\"wpa_supplicant on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2907-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00019.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~5.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant-debuginfo\", rpm:\"wpa_supplicant-debuginfo~2.6~5.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:21", "description": "Several vulnerabilities have been discovered in the firmware for\nBroadcom BCM43xx wifi chips 
that may lead to a privilege escalation\nor loss of confidentiality.\n\nCVE-2016-0801\n\nBroadgate Team discovered flaws in packet processing in the\nBroadcom wifi firmware and proprietary drivers that could lead to\nremote code execution. However, this vulnerability is not\nbelieved to affect the drivers used in Debian.\n\nCVE-2017-0561\n\nGal Beniamini of Project Zero discovered a flaw in the TDLS\nimplementation in Broadcom wifi firmware. This could be exploited\nby an attacker on the same WPA2 network to execute code on the\nwifi microcontroller.\n\nCVE-2017-9417 / #869639\n\nNitay Artenstein of Exodus Intelligence discovered a flaw in the\nWMM implementation in Broadcom wifi firmware. This could be\nexploited by a nearby attacker to execute code on the wifi\nmicrocontroller.\n\nCVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,\nCVE-2017-13081\n\nMathy Vanhoef of the imec-DistriNet research group of KU Leuven\ndiscovered multiple vulnerabilities in the WPA protocol used for\nauthentication in wireless networks, dubbed ", "cvss3": {}, "published": "2018-11-13T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for firmware-nonfree (DLA-1573-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-0561", "CVE-2017-13078", "CVE-2017-9417", "CVE-2016-0801", "CVE-2017-13081", "CVE-2017-13077"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891573", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891573", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your 
option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891573\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-0801\", \"CVE-2017-0561\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\",\n \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-9417\");\n script_name(\"Debian LTS: Security Advisory for firmware-nonfree (DLA-1573-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-13 00:00:00 +0100 (Tue, 13 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"firmware-nonfree on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n20161130-4~deb8u1. 
This version also adds new firmware and packages\nfor use with Linux 4.9, and re-adds firmware-{adi, ralink} as\ntransitional packages.\n\nWe recommend that you upgrade your firmware-nonfree packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the firmware for\nBroadcom BCM43xx wifi chips that may lead to a privilege escalation\nor loss of confidentiality.\n\nCVE-2016-0801\n\nBroadgate Team discovered flaws in packet processing in the\nBroadcom wifi firmware and proprietary drivers that could lead to\nremote code execution. However, this vulnerability is not\nbelieved to affect the drivers used in Debian.\n\nCVE-2017-0561\n\nGal Beniamini of Project Zero discovered a flaw in the TDLS\nimplementation in Broadcom wifi firmware. This could be exploited\nby an attacker on the same WPA2 network to execute code on the\nwifi microcontroller.\n\nCVE-2017-9417 / #869639\n\nNitay Artenstein of Exodus Intelligence discovered a flaw in the\nWMM implementation in Broadcom wifi firmware. 
This could be\nexploited by a nearby attacker to execute code on the wifi\nmicrocontroller.\n\nCVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,\nCVE-2017-13081\n\nMathy Vanhoef of the imec-DistriNet research group of KU Leuven\ndiscovered multiple vulnerabilities in the WPA protocol used for\nauthentication in wireless networks, dubbed 'KRACK'.\n\nAn attacker exploiting the vulnerabilities could force the\nvulnerable system to reuse cryptographic session keys, enabling a\nrange of cryptographic attacks against the ciphers used in WPA1\nand WPA2.\n\nThese vulnerabilities are only being fixed for certain Broadcom\nwifi chips, and might still be present in firmware for other wifi\nhardware.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-adi\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-atheros\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-bnx2\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-bnx2x\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-brcm80211\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-intelwimax\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-ipw2x00\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-ivtv\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-iwlwifi\", ver:\"20161130-4~deb8u1\", 
rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-libertas\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-linux\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-linux-nonfree\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-myricom\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-netxen\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-qlogic\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-ralink\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-realtek\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-samsung\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-ti-connectivity\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:54", "description": "Cisco IP Phone 8865 is prone to key reinstallation attacks against\nWPA protocol.", "cvss3": {}, "published": "2017-10-25T00:00:00", "type": "openvas", "title": "Cisco IP Phone 8865 Multiple WPA2 Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310140452", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310140452", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ip_phone_8865_cisco-sa-20171016-wpa.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco IP Phone 8865 Multiple WPA2 Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140452\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-25 10:19:05 +0700 (Wed, 25 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\",\n \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n\n script_name(\"Cisco IP Phone 8865 Multiple WPA2 Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CISCO\");\n script_dependencies(\"gb_cisco_ip_phone_detect.nasl\");\n script_mandatory_keys(\"cisco/ip_phone/model\");\n\n script_tag(name:\"summary\", value:\"Cisco IP Phone 8865 is prone to key reinstallation attacks against\nWPA protocol.\");\n\n script_tag(name:\"insight\", value:\"On October 16th, 2017, a research paper with the title of 'Key\nReinstallation Attacks: Forcing Nonce Reuse in WPA2' was made publicly available. This paper discusses seven\nvulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected\nAccess II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a\ngroup key, or an integrity key on either a wireless client or a wireless access point. Additional research also\nled to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless\nsupplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless\nNetwork Management) standard. 
The three additional vulnerabilities could also allow the reinstallation of a\npairwise key, group key, or integrity group key.\");\n\n script_tag(name:\"impact\", value:\"An attacker within the wireless communications range of an affected AP and\nclient may leverage packet decryption and injection, TCP connection hijacking, HTTP content injection, or the\nreplay of unicast, broadcast, and multicast frames.\");\n\n script_tag(name:\"solution\", value:\"Update to version 12.0.1SR1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif (!model = get_kb_item(\"cisco/ip_phone/model\"))\n exit(0);\n\nif (model =~ \"^CP-8865\") {\n if (!version = get_kb_item(\"cisco/ip_phone/version\"))\n exit(0);\n\n version = eregmatch(pattern: \"sip8845_65\\.([0-9SR-]+)\", string: version);\n\n if (!isnull(version[1])) {\n version = ereg_replace(string: version[1], pattern: \"-\", replace: \".\");\n if (version_is_less(version: version, test_version: \"12.0.1SR1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.0.1SR1\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-21T00:00:00", "type": "openvas", "title": "Fedora Update for wpa_supplicant FEDORA-2017-60bfb576b7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873510", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_60bfb576b7_wpa_supplicant_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for wpa_supplicant FEDORA-2017-60bfb576b7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873510\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-21 09:52:00 +0200 (Sat, 21 Oct 2017)\");\n script_cve_id(\"CVE-2017-13082\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2017-13077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wpa_supplicant FEDORA-2017-60bfb576b7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
'wpa_supplicant'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wpa_supplicant on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-60bfb576b7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QU3OES2BGSLFQGSDGNMTUWDQFC3JJ2Q\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~11.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:54", "description": "Cisco IP Phone 8861 is prone to key reinstallation attacks against\nWPA protocol.", "cvss3": {}, "published": "2017-10-25T00:00:00", "type": "openvas", "title": "Cisco IP Phone 8861 Multiple WPA2 Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310140451", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140451", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ip_phone_8861_cisco-sa-20171016-wpa.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco IP Phone 8861 Multiple WPA2 Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140451\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-25 10:08:52 +0700 (Wed, 25 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\",\n \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cisco IP Phone 8861 
Multiple WPA2 Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CISCO\");\n script_dependencies(\"gb_cisco_ip_phone_detect.nasl\");\n script_mandatory_keys(\"cisco/ip_phone/model\");\n\n script_tag(name:\"summary\", value:\"Cisco IP Phone 8861 is prone to key reinstallation attacks against\nWPA protocol.\");\n\n script_tag(name:\"insight\", value:\"On October 16th, 2017, a research paper with the title of 'Key\nReinstallation Attacks: Forcing Nonce Reuse in WPA2' was made publicly available. This paper discusses seven\nvulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected\nAccess II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a\ngroup key, or an integrity key on either a wireless client or a wireless access point. Additional research also\nled to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless\nsupplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless\nNetwork Management) standard. 
The three additional vulnerabilities could also allow the reinstallation of a\npairwise key, group key, or integrity group key.\");\n\n script_tag(name:\"impact\", value:\"An attacker within the wireless communications range of an affected AP and\nclient may leverage packet decryption and injection, TCP connection hijacking, HTTP content injection, or the\nreplay of unicast, broadcast, and multicast frames.\");\n\n script_tag(name:\"solution\", value:\"Update to version 12.0.1SR1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif (!model = get_kb_item(\"cisco/ip_phone/model\"))\n exit(0);\n\nif (model =~ \"^CP-8861\") {\n if (!version = get_kb_item(\"cisco/ip_phone/version\"))\n exit(0);\n\n version = eregmatch(pattern: \"sip88xx\\.([0-9SR-]+)\", string: version);\n\n if (!isnull(version[1])) {\n version = ereg_replace(string: version[1], pattern: \"-\", replace: \".\");\n if (version_is_less(version: version, test_version: \"12.0.1SR1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.0.1SR1\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-21T00:00:00", "type": "openvas", "title": "Fedora Update for wpa_supplicant FEDORA-2017-12e76e8364", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873515", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_12e76e8364_wpa_supplicant_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for wpa_supplicant FEDORA-2017-12e76e8364\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873515\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-21 09:52:30 +0200 (Sat, 21 Oct 2017)\");\n script_cve_id(\"CVE-2017-13082\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2017-13077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wpa_supplicant FEDORA-2017-12e76e8364\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
'wpa_supplicant'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wpa_supplicant on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-12e76e8364\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2O6SYMGH6E5OY5UT6UM342YZWGFEABN3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~3.fc25.1\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2017-fc21e3856b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873667", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_fc21e3856b_hostapd_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for hostapd FEDORA-2017-fc21e3856b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873667\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:05:54 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\",\n \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for hostapd FEDORA-2017-fc21e3856b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n 
package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"hostapd on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-fc21e3856b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ACQBCSWVEYIR6CEXGZBHR23QKXANVOS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~2.6~6.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2017-cfb950d8f4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873699", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873699", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_cfb950d8f4_hostapd_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for hostapd FEDORA-2017-cfb950d8f4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873699\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:08:07 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\",\n \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for hostapd FEDORA-2017-cfb950d8f4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n 
package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"hostapd on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-cfb950d8f4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFDEEZO2HIPIZT5H3YWYMNHXMGJ5VWHL\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~2.6~6.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:14", "description": "Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered\nmultiple vulnerabilities in the WPA protocol, used for authentication in\nwireless networks. 
Those vulnerabilities apply to both the access point\n(implemented in hostapd) and the station (implemented in wpa_supplicant).\n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to\nreuse cryptographic session keys, enabling a range of cryptographic attacks\nagainst the ciphers used in WPA1 and WPA2.\n\nMore information can be found in the researchers", "cvss3": {}, "published": "2017-10-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3999-1 (wpa - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703999", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703999", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3999.nasl 14275 2019-03-18 14:39:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3999-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703999\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_name(\"Debian Security Advisory DSA 3999-1 (wpa - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-16 00:00:00 +0200 (Mon, 16 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3999.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9|10)\");\n script_tag(name:\"affected\", value:\"wpa on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 2.3-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u1.\n\nFor the testing distribution (buster), these problems have been fixed\nin 
version 2:2.4-1.1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:2.4-1.1.\n\nWe recommend that you upgrade your wpa packages.\");\n script_tag(name:\"summary\", value:\"Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered\nmultiple vulnerabilities in the WPA protocol, used for authentication in\nwireless networks. Those vulnerabilities applies to both the access point\n(implemented in hostapd) and the station (implemented in wpa_supplicant).\n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to\nreuse cryptographic session keys, enabling a range of cryptographic attacks\nagainst the ciphers used in WPA1 and WPA2.\n\nMore information can be found in the researchers's paper, Key Reinstallation Attacks:\nForcing Nonce Reuse in WPA2\n.\n\nCVE-2017-13077:\n\nreinstallation of the pairwise key in the Four-way handshake\n\nCVE-2017-13078:\n\nreinstallation of the group key in the Four-way handshake\n\nCVE-2017-13079:\n\nreinstallation of the integrity group key in the Four-way\nhandshake\n\nCVE-2017-13080:\n\nreinstallation of the group key in the Group Key handshake\n\nCVE-2017-13081:\n\nreinstallation of the integrity group key in the Group Key\nhandshake\n\nCVE-2017-13082:\n\naccepting a retransmitted Fast BSS Transition Reassociation Request\nand reinstalling the pairwise key while processing it\n\nCVE-2017-13086:\n\nreinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey\n(TPK) key in the TDLS handshake\n\nCVE-2017-13087:\n\nreinstallation of the group key (GTK) when processing a\nWireless Network Management (WNM) Sleep Mode Response frame\n\nCVE-2017-13088:\n\nreinstallation of the integrity group key (IGTK) when processing\na Wireless Network Management (WNM) Sleep Mode Response frame\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"hostapd\", ver:\"2.3-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpagui\", ver:\"2.3-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2.3-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"hostapd\", ver:\"2:2.4-1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpagui\", ver:\"2:2.4-1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2:2.4-1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"hostapd\", ver:\"2:2.4-1.1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpagui\", ver:\"2:2.4-1.1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2:2.4-1.1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpasupplicant-udeb\", ver:\"2:2.4-1.1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:00", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2017-1241)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171241", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562311220171241", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1241\");\n script_version(\"2020-01-23T11:00:31+0000\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:00:31 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:00:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2017-1241)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n 
script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1241\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1241\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wpa_supplicant' package(s) announced via the EulerOS-SA-2017-1241 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081)\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~5.1.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:33", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2017-1242)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171242", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171242", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1242\");\n script_version(\"2020-01-23T11:00:42+0000\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:00:42 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:00:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2017-1242)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1242\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1242\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wpa_supplicant' package(s) announced via the EulerOS-SA-2017-1242 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081)\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~5.1.h8\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2017-45044b6b33", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", 
"CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873647", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_45044b6b33_hostapd_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for hostapd FEDORA-2017-45044b6b33\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873647\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:03:22 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\",\n \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for hostapd FEDORA-2017-45044b6b33\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"hostapd on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-45044b6b33\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KGBVGEW4JOQZQF62FQJGCXBMT3UCKOG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~2.6~6.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2019-1414)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2018-14526", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191414", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1414\");\n script_version(\"2020-01-23T11:43:07+0000\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2018-14526\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:43:07 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:43:07 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2019-1414)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1414\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1414\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wpa_supplicant' package(s) announced via the EulerOS-SA-2019-1414 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. 
Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.(CVE-2018-14526)\n\nA new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests.(CVE-2017-13082)\n\nA new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake.(CVE-2017-13080)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081)\n\nA new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake.(CVE-2017-13086)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079)\n\nA new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.(CVE-2017-13078)\n\nA new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake.(CVE-2017-13077)\n\nA new exploitatio ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~9.h1\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-23T16:49:57", "description": "WPA2 as used in MikroTik RouterOS is prone to multiple security weaknesses\n aka Key Reinstallation Attacks (KRACK).", "cvss3": {}, "published": "2017-10-18T00:00:00", "type": "openvas", "title": "MikroTik RouterOS WPA2 Key Reinstallation Vulnerabilities - KRACK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", 
"CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2020-03-20T00:00:00", "id": "OPENVAS:1361412562310108254", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108254", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# MikroTik RouterOS WPA2 Key Reinstallation Vulnerabilities - KRACK\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:mikrotik:routeros\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108254\");\n script_version(\"2020-03-20T12:10:27+0000\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13084\", \"CVE-2017-13086\",\n \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_bugtraq_id(101274);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-20 12:10:27 +0000 (Fri, 20 Mar 2020)\");\n 
script_tag(name:\"creation_date\", value:\"2017-10-18 12:31:00 +0200 (Wed, 18 Oct 2017)\");\n script_name(\"MikroTik RouterOS WPA2 Key Reinstallation Vulnerabilities - KRACK\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mikrotik_router_routeros_consolidation.nasl\");\n script_mandatory_keys(\"mikrotik/detected\");\n\n script_xref(name:\"URL\", value:\"https://forum.mikrotik.com/viewtopic.php?f=21&t=126695\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/101274\");\n script_xref(name:\"URL\", value:\"https://www.krackattacks.com/\");\n script_xref(name:\"URL\", value:\"https://mikrotik.com/download/changelogs/\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to one of the following RouterOS versions:\n\n - v6.39.3 or later\n\n - v6.40.4 or later\n\n - v6.41rc or later\");\n\n script_tag(name:\"summary\", value:\"WPA2 as used in MikroTik RouterOS is prone to multiple security weaknesses\n aka Key Reinstallation Attacks (KRACK).\");\n\n script_tag(name:\"impact\", value:\"Exploiting these issues may allow an unauthorized\n user to intercept and manipulate data or disclose sensitive information.\n This may aid in further attacks.\");\n\n script_tag(name:\"affected\", value:\"Affected modes:\n\n For AP devices: WDS WiFi/nstreme\n\n For CPE devices (MikroTik Station mode): WiFi, nstreme\n\n Affected versions prior to v6.39.3 and v6.40.x prior to v6.40.4.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE, nofork:TRUE ) ) exit( 0 );\n\nif( version_is_less( version:version, test_version:\"6.39.3\" ) )\n fix = \"6.39.3\";\n\nif( version_in_range( version:version, test_version:\"6.40\", test_version2:\"6.40.3\" ) )\n fix = \"6.40.4\";\n\nif( fix ) {\n report = report_fixed_ver( installed_version:version, fixed_version:fix );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:40:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2019-1422)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2018-14526", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191422", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1422\");\n script_version(\"2020-01-23T14:09:13+0000\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2018-14526\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:09:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:44:21 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2019-1422)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1422\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1422\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wpa_supplicant' package(s) announced via the EulerOS-SA-2019-1422 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows 
reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081)\n\nAn issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.(CVE-2018-14526)\n\nA new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13088)\n\nA new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake.(CVE-2017-13080)\n\nA new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake.(CVE-2017-13087)\n\nA new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake.(CVE-2017-13077)\n\nA new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake.(CVE-2017-13078)\n\nA new exploitation ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~9.h1.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:09:33", "description": "A vulnerability was found in how WPA code can be triggered to\nreconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific\nframe that is used to manage the keys. 
Such reinstallation of the\nencryption key can result in two different types of vulnerabilities:\ndisabling replay protection and significantly reducing the security of\nencryption to the point of allowing frames to be decrypted or some parts\nof the keys to be determined by an attacker depending on which cipher is\nused.\n\nThose issues are commonly known under the ", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for wpa (DLA-1150-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891150", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891150\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13084\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_name(\"Debian LTS: Security Advisory for wpa (DLA-1150-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00029.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"wpa on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.0-3+deb7u5. 
Note that the latter two vulnerabilities (CVE-2017-13087\nand CVE-2017-13088) were mistakenly marked as fixed in the changelog\nwhereas they simply did not apply to the 1.0 version of the WPA source\ncode, which doesn't implement WNM sleep mode responses.\n\nWe recommend that you upgrade your wpa packages.\");\n\n script_tag(name:\"summary\", value:\"A vulnerability was found in how WPA code can be triggered to\nreconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific\nframe that is used to manage the keys. Such reinstallation of the\nencryption key can result in two different types of vulnerabilities:\ndisabling replay protection and significantly reducing the security of\nencryption to the point of allowing frames to be decrypted or some parts\nof the keys to be determined by an attacker depending on which cipher is\nused.\n\nThose issues are commonly known under the 'KRACK' appelation. According\nto US-CERT, 'the impact of exploiting these vulnerabilities includes\ndecryption, packet replay, TCP connection hijacking, HTTP content\ninjection, and others.'\n\nCVE-2017-13077\n\nReinstallation of the pairwise encryption key (PTK-TK) in the\n4-way handshake.\n\nCVE-2017-13078\n\nReinstallation of the group key (GTK) in the 4-way handshake.\n\nCVE-2017-13079\n\nReinstallation of the integrity group key (IGTK) in the 4-way\nhandshake.\n\nCVE-2017-13080\n\nReinstallation of the group key (GTK) in the group key handshake.\n\nCVE-2017-13081\n\nReinstallation of the integrity group key (IGTK) in the group key\nhandshake.\n\nCVE-2017-13082\n\nAccepting a retransmitted Fast BSS Transition (FT) Reassociation\nRequest and reinstalling the pairwise encryption key (PTK-TK)\nwhile processing it.\n\nCVE-2017-13084\n\nReinstallation of the STK key in the PeerKey handshake.\n\nCVE-2017-13086\n\nreinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey\n(TPK) key in the TDLS handshake.\n\nCVE-2017-13087\n\nreinstallation of the group key (GTK) when processing a 
Wireless\nNetwork Management (WNM) Sleep Mode Response frame.\n\nCVE-2017-13088\n\nreinstallation of the integrity group key (IGTK) when processing a\nWireless Network Management (WNM) Sleep Mode Response frame.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"hostapd\", ver:\"1.0-3+deb7u5\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wpagui\", ver:\"1.0-3+deb7u5\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"1.0-3+deb7u5\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-23T17:02:10", "description": "WPA2 as used in Ubiquiti Networks UAP/USW products is prone to\n multiple security weaknesses aka Key Reinstallation Attacks (KRACK).", "cvss3": {}, "published": "2017-10-19T00:00:00", "type": "openvas", "title": "Ubiquiti Networks UAP/USW Products WPA2 Key Reinstallation Vulnerabilities - KRACK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2020-03-20T00:00:00", "id": "OPENVAS:1361412562310108257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108257", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubiquiti Networks UAP/USW Products WPA2 Key Reinstallation Vulnerabilities - KRACK\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 
Greenbone Networks\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108257\");\n script_version(\"2020-03-20T12:10:27+0000\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13084\", \"CVE-2017-13086\",\n \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_bugtraq_id(101274);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-20 12:10:27 +0000 (Fri, 20 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-10-19 10:31:00 +0200 (Thu, 19 Oct 2017)\");\n script_name(\"Ubiquiti Networks UAP/USW Products WPA2 Key Reinstallation Vulnerabilities - KRACK\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_ubnt_discovery_protocol_detect.nasl\");\n script_mandatory_keys(\"ubnt_discovery_proto/detected\", \"ubnt_discovery_proto/firmware\", \"ubnt_discovery_proto/short_model\");\n\n script_xref(name:\"URL\", 
value:\"https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/ba-p/2099365\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/101274\");\n script_xref(name:\"URL\", value:\"https://www.krackattacks.com/\");\n\n script_tag(name:\"summary\", value:\"WPA2 as used in Ubiquiti Networks UAP/USW products is prone to\n multiple security weaknesses aka Key Reinstallation Attacks (KRACK).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Exploiting these issues may allow an unauthorized\n user to intercept and manipulate data or disclose sensitive information.\n This may aid in further attacks.\");\n\n script_tag(name:\"affected\", value:\"UAP/USW products with firmware versions below 3.9.3.7537.\");\n\n script_tag(name:\"solution\", value:\"Upgrade the firmware to 3.9.3.7537 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nfw = get_kb_item( \"ubnt_discovery_proto/firmware\" );\nif( ! fw || fw !~ \"^(BZ|US)\" ) exit( 0 );\n\nsm = get_kb_item( \"ubnt_discovery_proto/short_model\" );\nif( ! sm || sm !~ \"^(U7PG2|U7HD|BZ2|U2Sv2|U2IW|U7P|U2HSR|US24P250|US24PL2|USXG)\" ) exit( 0 );\n\nvers = eregmatch( pattern:\"\\.v([0-9]\\.[0-9]\\.[0-9]+\\.[0-9]+)\", string:fw );\nif( isnull( vers[1] ) ) exit( 0 );\nif( vers[1] !~ \"^3\\.9\" ) exit( 99 ); # Note from vendor: This primarily affects devices that support STA mode. 
It's worth noting that 1st gen AC devices do not support STA mode, which is why we have only released a 3.9.x firmware.\n\nif( version_is_less( version:vers[1], test_version:\"3.9.3.7537\" ) ) {\n report = report_fixed_ver( installed_version:vers[1], fixed_version:\"3.9.3.7537\" );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:52", "description": "WPA2 as used in several models of the AVM FRITZ!Box are prone to\n multiple security weaknesses aka Key Reinstallation Attacks (KRACK).", "cvss3": {}, "published": "2017-11-22T00:00:00", "type": "openvas", "title": "Multiple AVM FRITZ!Box WPA2 Key Reinstallation Vulnerabilities - KRACK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2018-09-16T00:00:00", "id": "OPENVAS:1361412562310108292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108292", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_avm_fritz_box_krack.nasl 11412 2018-09-16 10:21:40Z cfischer $\n#\n# Multiple AVM FRITZ!Box WPA2 Key Reinstallation Vulnerabilities - KRACK\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:avm:fritz%21_os\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108292\");\n script_version(\"$Revision: 11412 $\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13084\", \"CVE-2017-13086\",\n \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_bugtraq_id(101274);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-16 12:21:40 +0200 (Sun, 16 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-22 07:59:41 +0100 (Wed, 22 Nov 2017)\");\n script_name(\"Multiple AVM FRITZ!Box WPA2 Key Reinstallation Vulnerabilities - KRACK\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_avm_fritz_box_detect.nasl\");\n script_mandatory_keys(\"avm/fritz/model\", \"avm/fritz/firmware_version\");\n\n script_xref(name:\"URL\", value:\"https://avm.de/service/aktuelle-sicherheitshinweise/\");\n script_xref(name:\"URL\", value:\"https://en.avm.de/service/current-security-notifications/\");\n\n script_tag(name:\"vuldetect\", value:\"Check the firmware version.\");\n\n script_tag(name:\"solution\", value:\"Update the firmware to version 6.92 or later.\");\n\n script_tag(name:\"summary\", value:\"WPA2 as used in several models of the AVM FRITZ!Box are prone to\n multiple security weaknesses aka Key Reinstallation Attacks (KRACK).\");\n\n 
script_tag(name:\"affected\", value:\"AVM FRITZ!Box 7590, 7580, 7560 and 7490 with a firmware below 6.92,\n if configured to access the internet provided by another router via wireless LAN uplink.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! fw_version = get_app_version( cpe:CPE, nofork:TRUE ) ) exit( 0 );\nif( ! model = get_kb_item( \"avm/fritz/model\" ) ) exit( 0 );\n\n# Those got a fix from AVM but other models might be vulnerable as well\nvalid_models = make_list( \"7590\", \"7580\", \"7560\", \"7490\" );\n\nforeach m( valid_models ) {\n if( egrep( string:model, pattern:'^' + m ) ) {\n vuln_model = TRUE;\n break;\n }\n}\n\nif( ! vuln_model ) exit( 0 );\n\npatch = \"6.92\";\nif( version_is_less( version:fw_version, test_version:patch ) ) {\n report = 'Model: ' + model + '\\n';\n report += 'Installed Firmware: ' + fw_version + '\\n';\n report += 'Fixed Firmware: ' + patch;\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for wpa USN-3455-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4476", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2016-4477", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843342", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843342", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3455_1.nasl 14140 2019-03-13 12:26:09Z cfischer 
$\n#\n# Ubuntu Update for wpa USN-3455-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843342\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-18 16:53:52 +0200 (Wed, 18 Oct 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\",\n \"CVE-2017-13088\", \"CVE-2016-4476\", \"CVE-2016-4477\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for wpa USN-3455-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", 
value:\"Mathy Vanhoef discovered that wpa_supplicant\n and hostapd incorrectly handled WPA2. A remote attacker could use this issue\n with using key reinstallation attacks to obtain sensitive information.\n (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,\n CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad\n discovered that wpa_supplicant and hostapd incorrectly handled invalid\n characters in passphrase parameters. A remote attacker could use this issue to\n cause a denial of service. (CVE-2016-4476) Imre Rad discovered that\n wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase\n parameters. A local attacker could use this issue to cause a denial of service,\n or possibly execute arbitrary code. (CVE-2016-4477)\");\n script_tag(name:\"affected\", value:\"wpa on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3455-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3455-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"hostapd\", ver:\"2.1-0ubuntu1.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2.1-0ubuntu1.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"hostapd\", ver:\"2.4-0ubuntu9.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2.4-0ubuntu9.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"hostapd\", ver:\"2.4-0ubuntu6.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2.4-0ubuntu6.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "ics": [{"lastseen": "2023-07-28T06:45:27", "description": "### **CVSS v3 6.8**\n\n**ATTENTION: **Public exploits are available.\n\n**Vendor:** PHOENIX CONTACT\n\n**Equipment:** WLAN capable devices using the WPA2 Protocol\n\n**Vulnerabilities:** Reusing a Nonce\n\n## AFFECTED PRODUCTS\n\nPHOENIX CONTACT reports that these vulnerabilities affect all versions of the following WLAN capable devices using the WPA2 Protocol:\n\n * BL2 BPC,\n * BL2 PPC,\n * FL COMSERVER WLAN 232/422/485,\n * FL WLAN 110x,\n * FL WLAN 210x,\n * FL WLAN 510x,\n * FL WLAN 230 AP 802-11,\n * FL WLAN 24 AP 802-11,\n * FL WLAN 24 DAP 802-11,\n * FL WLAN 24 EC 802-11,\n * FL WLAN EPA,\n * FL WLAN SPA,\n * ITC 8113,\n * RAD-80211-XD,\n * RAD-WHG/WLAN-XD,\n * TPC 6013,\n * VMT 30xx,\n * VMT 50xx, and\n * VMT 70xx.\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to operate as a \u201cman-in-the-middle\u201d between the device and the wireless access point.\n\n## MITIGATION\n\nPHOENIX CONTACT has reported that users operating embedded 
devices in AP mode are not affected by these vulnerabilities. PHOENIX CONTACT is actively working on discovering how these vulnerabilities affect its products and plans to release future updates as they become available. For more information, please see the advisory at this location:\n\n<https://cert.vde.com/de-de/advisories/vde-2017-003>\n\nPHOENIX CONTACT recommends that users apply the security update provided by Microsoft at the following location for devices running Microsoft Windows:\n\n<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-13080>\n\nIf WPA-TKIP is being used for WLAN configuration, PHOENIX CONTACT recommends the user switch to AES-CCMP immediately.\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. 
Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nThese vulnerabilities are not remotely exploitable. High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [REUSING A NONCE, KEY PAIR IN ENCRYPTION CWE-323](<https://cwe.mitre.org/data/definitions/323.html>)\n\nMultiple products are affected by key reinstallation attacks known as KRACK. The four-way handshake traffic in the Wi-Fi Protected Access WPA and WPA2 protocol can be manipulated to allow nonce reuse resulting in key reinstallation. 
This could allow an attacker to execute a \u201cman-in-the-middle\u201d attack, enabling the attacker within radio range to replay, decrypt, or spoof frames.\n\nThe following CVEs have been assigned to this group of vulnerabilities:\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): reinstallation of the pairwise key in the four-way handshake,\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): reinstallation of the group key in the four-way handshake, and\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): reinstallation of the group key in the group key handshake.\n\nA CVSS v3 base score of 6.8 has been assigned; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef of imec-DistriNet, KU Leuven discovered these vulnerabilities. PHOENIX CONTACT reported these vulnerabilities to CERT@VDE. 
CERT@VDE coordinated these vulnerabilities with ICS-CERT.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Communications, Critical Manufacturing, Information Technology\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Germany\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-11-21T12:00:00", "type": "ics", "title": "PHOENIX CONTACT WLAN Capable Devices using the WPA2 Protocol", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080"], "modified": "2017-11-21T12:00:00", "id": "ICSA-17-325-01", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-325-01", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-28T06:36:19", "description": "### **CVSS v3 8.1**\n\n**ATTENTION:** Low skill level is needed to exploit. 
Public exploits are available.\n\n**Vendor:** PEPPERL+FUCHS/ecom instruments\n\n**Equipment:** WLAN capable devices using the WPA2 Protocol\n\n**Vulnerabilities:** Reusing a Nonce\n\n## AFFECTED PRODUCTS\n\nPEPPERL+FUCHS/ecom instruments reports that these vulnerabilities affect all versions of the following WLAN capable devices using the WPA2 Protocol:\n\n * Tab-Ex 01,\n * Ex-Handy 09,\n * Ex-Handy 209,\n * Smart-Ex 01,\n * Smart-Ex 201,\n * Pad-Ex 01,\n * i.roc Ci70-Ex,\n * CK70A-ATEX,\n * CK71A-ATEX,\n * CN70A-ATEX, and\n * CN70E-ATEX.\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to operate as a \u201cman-in-the-middle\u201d between the device and the wireless access point.\n\n## MITIGATION\n\nPEPPERL+FUCHS/ecom instruments report the following mitigations:\n\nAndroid\n\n * Affected Products: Tab-Ex 01, Ex-Handy 09, Ex-Handy 209, Smart-Ex 01, Smart-Ex 201\n * ecom instruments is actively working on these vulnerabilities. This advisory will be updated as soon as further significant details are provided by the vendor, with an emphasis on information about available patches.\n\nWindows\n\n * Affected Products: Pad-Ex 01, i.roc Ci70-Ex, CK70A-ATEX, CK71A-ATEX, CN70A-ATEX, CN70E-ATEX\n * For ecom instruments devices running Windows, ecom instruments recommends users apply the security update provided by Microsoft. If users are using WPA-TKIP in their WLAN, users should switch to AES-CCMP immediately.\n\nFor more information, CERT@VDE has released a security advisory found at:\n\n<https://cert.vde.com/de-de/advisories/vde-2017-005>\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. 
Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\n## VULNERABILITY OVERVIEW\n\n## [REUSING A NONCE, KEY PAIR IN ENCRYPTION CWE-323](<https://cwe.mitre.org/data/definitions/323.html>)\n\nMultiple products are affected by key reinstallation attacks known as KRACK. The four-way handshake traffic in the Wi-Fi Protected Access WPA and WPA2 protocol can be manipulated to allow nonce reuse resulting in key reinstallation. 
This could allow an attacker to execute a \u201cman-in-the-middle\u201d attack, enabling the attacker within radio range to replay, decrypt, or spoof frames.\n\nThe following CVEs have been assigned to this group of vulnerabilities:\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): Reinstallation of the pairwise key during the four-way handshake.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): Reinstallation of the group key during the four-way handshake.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>): Reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): Reinstallation of the group key during the group key handshake.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>): Reinstallation of the IGTK during the group key handshake.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>): Reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the Fast BSS Transition (FT) handshake.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>): Reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>): Reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>): Reinstallation of the IGTK when processing a WNM Sleep Mode Response frame.\n\nA CVSS v3 base score of 8.1 has been assigned; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## 
RESEARCHER\n\nMathy Vanhoef of imec-DistriNet, KU Leuven discovered these vulnerabilities. PEPPERL+FUCHS reported to CERT@VDE that their products are affected. CERT@VDE coordinated these vulnerabilities with ICS-CERT.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Communications, Critical Manufacturing, Information Technology\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Germany\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-12-19T12:00:00", "type": "ics", "title": "PEPPERL+FUCHS/ecom instruments WLAN Capable Devices using the WPA2 Protocol", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "modified": "2017-12-19T12:00:00", "id": "ICSA-17-353-02", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-353-02", "cvss&q