ID FORTIOS_FG-IR-17-196.NASL Type nessus Reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-03-02T00:00:00
Description
The remote host is running FortiOS prior to 5.2, 5.2.x prior to
or equal to 5.2.11, 5.4.x prior to or equal to 5.4.5, or 5.6.x prior to
or equal to 5.6.2. It is, therefore, affected by multiple
vulnerabilities discovered in the WPA2 handshake protocol.
Note that these issues affect only WiFi model devices in
'Wifi Client' mode.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");

if (description)
{
  script_id(103873);
  script_version("1.11");
  script_cvs_date("Date: 2019/11/12");

  # KRACK key-reinstallation CVEs covered by FG-IR-17-196.
  script_cve_id("CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081");
  script_bugtraq_id(99549, 100516, 101274);
  script_xref(name:"IAVA", value:"2017-A-0310");

  script_name(english:"Fortinet FortiGate < 5.2 / 5.2.x <= 5.2.11 / 5.4.x <= 5.4.5 / 5.6.x <= 5.6.2 Multiple Vulnerabilities (FG-IR-17-196) (KRACK)");
  script_summary(english:"Checks the version of FortiOS.");

  # Report text shown to the user.
  script_set_attribute(attribute:"synopsis", value:"The remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is running FortiOS prior to 5.2, 5.2.x prior to
or equal to 5.2.11, 5.4.x prior to or equal 5.4.5, or 5.6.x prior to
or equal to 5.6.2. It is, therefore, affected by multiple
vulnerabilities discovered in the WPA2 handshake protocol.
Note these issues affect only WiFi model devices in
'Wifi Client' mode.");
  # No fixed build is named here; the solution text defers to the vendor.
  script_set_attribute(attribute:"solution", value:"Contact vendor for guidance and patches.");
  script_set_attribute(attribute:"see_also", value:"https://fortiguard.com/psirt/FG-IR-17-196");
  script_set_attribute(attribute:"see_also", value:"https://www.krackattacks.com/");

  # Timeline.
  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/17");

  # Scoring: adjacent-network attack vector (AV:A); no public exploit
  # was known when this plugin was written.
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-13077");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"stig_severity", value:"II");

  # Classification. The finding is marked potential because a version
  # match alone cannot confirm the device actually runs in 'Wifi Client'
  # mode, which the description says is required for exposure.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fortinet:fortios");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Firewalls");
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Settings/ParanoidReport is listed because the check below only reports
  # on paranoid scans; model and version come from fortinet_version.nbin.
  script_dependencies("fortinet_version.nbin");
  script_require_keys("Host/Fortigate/model", "Host/Fortigate/version", "Settings/ParanoidReport");

  exit(0);
}
include("audit.inc");
include("vcf.inc");

# The advisory applies only to WiFi-model devices, so any model that does
# not match "fortiwifi" (case-insensitively) is audited out up front.
fg_model = get_kb_item_or_exit("Host/Fortigate/model");
if (!preg(string:fg_model, pattern:"fortiwifi", icase:TRUE))
  audit(AUDIT_HOST_NOT, "a FortiGate WiFi model");

# The version check cannot tell whether the device is in 'Wifi Client'
# mode, so the result is only reported on paranoid scans.
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

fortios = vcf::get_app_info(app:"FortiOS", kb_ver:"Host/Fortigate/version");

# Affected version ranges. No fixed build is given, so each entry points
# the reader at the solution text instead of a version number. 5.2.0 sits
# on the boundary of the first two ranges and is reported either way.
affected_ranges = [
  # < 5.2
  { "min_version" : "0.0.0", "max_version" : "5.2.0",  "fixed_display" : "See Solution." },
  # 5.2.x <= 5.2.11
  { "min_version" : "5.2.0", "max_version" : "5.2.11", "fixed_display" : "See Solution." },
  # 5.4.x <= 5.4.5
  { "min_version" : "5.4.0", "max_version" : "5.4.5",  "fixed_display" : "See Solution." },
  # 5.6.x <= 5.6.2
  { "min_version" : "5.6.0", "max_version" : "5.6.2",  "fixed_display" : "See Solution." }
];

vcf::check_version_and_report(app_info:fortios, constraints:affected_ranges, severity:SECURITY_WARNING);
{"id": "FORTIOS_FG-IR-17-196.NASL", "bulletinFamily": "scanner", "title": "Fortinet FortiGate < 5.2 / 5.2.x <= 5.2.11 / 5.4.x <= 5.4.5 / 5.6.x <= 5.6.2 Multiple Vulnerabilities (FG-IR-17-196) (KRACK)", "description": "The remote host is running FortiOS prior to 5.2, 5.2.x prior to\nor equal to 5.2.11, 5.4.x prior to or equal 5.4.5, or 5.6.x prior to\nor equal to 5.6.2. It is, therefore, affected by multiple\nvulnerabilities discovered in the WPA2 handshake protocol.\n\nNote these issues affect only WiFi model devices in\n'Wifi Client' mode.", "published": "2017-10-17T00:00:00", "modified": "2021-03-02T00:00:00", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/103873", "reporter": "This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://fortiguard.com/psirt/FG-IR-17-196", "https://www.krackattacks.com/"], "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13081", "CVE-2017-13077"], "type": "nessus", "lastseen": "2021-03-01T02:47:42", "edition": 36, "viewCount": 63, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310891573", "OPENVAS:1361412562310107191", "OPENVAS:1361412562310140451", "OPENVAS:1361412562310873515", "OPENVAS:1361412562310140452", "OPENVAS:1361412562310873699", "OPENVAS:1361412562310873510", "OPENVAS:1361412562310851627", "OPENVAS:1361412562310140432", "OPENVAS:1361412562310873647"]}, {"type": "hp", "idList": ["HP:C05872536", "HP:C05876244"]}, {"type": "cve", "idList": ["CVE-2017-13079", "CVE-2017-13077", "CVE-2017-13081", "CVE-2017-13080", "CVE-2017-13078"]}, {"type": "nessus", "idList": ["SUSE_SU-2017-2745-1.NASL", "FEDORA_2017-12E76E8364.NASL", "ARUBAOS_KRACK.NASL", "OPENSUSE-2017-1163.NASL", "SUSE_SU-2017-2752-1.NASL", "EULEROS_SA-2017-1242.NASL", "FEDORA_2017-60BFB576B7.NASL", "DEBIAN_DLA-1573.NASL", "FEDORA_2017-F45E844A85.NASL", 
"DEBIAN_DSA-3999.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2907", "ELSA-2017-2911"]}, {"type": "archlinux", "idList": ["ASA-201710-23", "ASA-201710-22"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3999-1:C5D5F", "DEBIAN:DLA-1573-1:A1DDB", "DEBIAN:DLA-1150-1:A6833"]}, {"type": "fedora", "idList": ["FEDORA:AA0BE60A8642", "FEDORA:6D2216047E58", "FEDORA:0CCFB604C905", "FEDORA:0DD9C604DD0F", "FEDORA:6384860875B6", "FEDORA:1714A6074A50"]}, {"type": "apple", "idList": ["APPLE:HT208847", "APPLE:HT208354", "APPLE:HT208258"]}, {"type": "ics", "idList": ["ICSA-17-318-01B", "ICSMA-18-114-01", "ICSA-17-318-02A", "ICSA-17-353-02", "ICSA-17-318-01", "ICSA-17-325-01", "ICSMA-19-029-01", "ICSA-17-318-01A", "ICSA-17-318-02", "ICSA-17-318-01C"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2755-1", "SUSE-SU-2017:2745-1", "SUSE-SU-2017:2752-1"]}, {"type": "nvidia", "idList": ["NVIDIA:4601"]}, {"type": "centos", "idList": ["CESA-2017:2911"]}, {"type": "redhat", "idList": ["RHSA-2017:2911"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20171117-01-WPA"]}, {"type": "myhack58", "idList": ["MYHACK58:62201789609"]}, {"type": "freebsd", "idList": ["D670A953-B2A1-11E7-A633-009C02A2AB30"]}, {"type": "cisco", "idList": ["CISCO-SA-20171016-WPA"]}, {"type": "thn", "idList": ["THN:29EC2E0BD61CF15B2E756ECA04EDFF50"]}, {"type": "slackware", "idList": ["SSA-2017-291-02"]}, {"type": "hackerone", "idList": ["H1:286740"]}, {"type": "f5", "idList": ["F5:K23642330"]}, {"type": "gentoo", "idList": ["GLSA-201711-03"]}, {"type": "lenovo", "idList": ["LENOVO:PS500143-NOSID"]}], "modified": "2021-03-01T02:47:42", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-03-01T02:47:42", "rev": 2}, "vulnersScore": 6.2}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103873);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n 
\"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\"\n );\n script_bugtraq_id(99549, 100516, 101274);\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fortinet FortiGate < 5.2 / 5.2.x <= 5.2.11 / 5.4.x <= 5.4.5 / 5.6.x <= 5.6.2 Multiple Vulnerabilities (FG-IR-17-196) (KRACK)\");\n script_summary(english:\"Checks the version of FortiOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running FortiOS prior to 5.2, 5.2.x prior to\nor equal to 5.2.11, 5.4.x prior to or equal 5.4.5, or 5.6.x prior to\nor equal to 5.6.2. It is, therefore, affected by multiple\nvulnerabilities discovered in the WPA2 handshake protocol.\n\nNote these issues affect only WiFi model devices in\n'Wifi Client' mode.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://fortiguard.com/psirt/FG-IR-17-196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.krackattacks.com/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Contact vendor for guidance and patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13077\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/17\");\n\n 
script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fortinet:fortios\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"fortinet_version.nbin\");\n script_require_keys(\"Host/Fortigate/model\", \"Host/Fortigate/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"vcf.inc\");\n\napp_name = \"FortiOS\";\n\nmodel = get_kb_item_or_exit(\"Host/Fortigate/model\");\n\n# Make sure device is FortiWiFi.\nif (!preg(string:model, pattern:\"fortiwifi\", icase:TRUE)) audit(AUDIT_HOST_NOT, \"a FortiGate WiFi model\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp_info = vcf::get_app_info(app:app_name, kb_ver:\"Host/Fortigate/version\");\n\nconstraints = [\n # < 5.2\n { \"min_version\" : \"0.0.0\", \"max_version\" : \"5.2.0\", \"fixed_display\" : \"See Solution.\" },\n # 5.2 x <= 5.2.11\n { \"min_version\" : \"5.2.0\", \"max_version\" : \"5.2.11\", \"fixed_display\" : \"See Solution.\" },\n # 5.4.x <= 5.4.5\n { \"min_version\" : \"5.4.0\", \"max_version\" : \"5.4.5\", \"fixed_display\" : \"See Solution.\" },\n # 5.6.x <= 5.6.2\n { \"min_version\" : \"5.6.0\", \"max_version\" : \"5.6.2\", \"fixed_display\" : \"See Solution.\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "naslFamily": "Firewalls", "pluginID": "103873", "cpe": ["cpe:/o:fortinet:fortios"], "scheme": null, "cvss3": {"score": 6.8, "vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}}
{"openvas": [{"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13081", "CVE-2017-13077"], "description": "Cisco Wireless IP Phone 8821 is prone to key reinstallation attacks against\nWPA protocol.", "modified": "2018-10-26T00:00:00", "published": "2017-10-17T00:00:00", "id": "OPENVAS:1361412562310140432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140432", "type": "openvas", "title": "Cisco Wireless IP Phone 8821 Multiple WPA2 Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ip_phone_8821_cisco-sa-20171016-wpa.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco Wireless IP Phone 8821 Multiple WPA2 Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140432\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-17 09:02:23 +0700 (Tue, 17 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cisco Wireless IP Phone 8821 Multiple WPA2 Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CISCO\");\n script_dependencies(\"gb_cisco_ip_phone_detect.nasl\");\n script_mandatory_keys(\"cisco/ip_phone/model\");\n\n script_tag(name:\"summary\", value:\"Cisco Wireless IP Phone 8821 is prone to key reinstallation attacks against\nWPA protocol.\");\n\n script_tag(name:\"insight\", value:\"On October 16th, 2017, a research paper with the title of 'Key\nReinstallation Attacks: Forcing Nonce Reuse in WPA2' was made publicly available. This paper discusses seven\nvulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected\nAccess II (WPA2) protocols. 
These vulnerabilities may allow the reinstallation of a pairwise transient key, a\ngroup key, or an integrity key on either a wireless client or a wireless access point. Additional research also\nled to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless\nsupplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless\nNetwork Management) standard. The three additional vulnerabilities could also allow the reinstallation of a\npairwise key, group key, or integrity group key.\");\n\n script_tag(name:\"impact\", value:\"An attacker within the wireless communications range of an affected AP and\nclient may leverage packet decryption and injection, TCP connection hijacking, HTTP content injection, or the\nreplay of unicast, broadcast, and multicast frames.\");\n\n script_tag(name:\"solution\", value:\"Update to version 11.0(3)SR5 or later.\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif (!model = get_kb_item(\"cisco/ip_phone/model\"))\n exit(0);\n\nif (model =~ \"^CP-8821\") {\n if (!version = get_kb_item(\"cisco/ip_phone/version\"))\n exit(0);\n\n version = eregmatch(pattern: \"sip8821\\.([0-9SR-]+)\", string: version);\n\n if (!isnull(version[1])) {\n version = ereg_replace(string: version[1], pattern: \"-\", replace: \".\");\n if (version_is_less(version: version, test_version: \"11.0.3SR5\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"11.0.3SR5\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13077"], "description": "WPA2 as used in Intel Active Management Technology is 
prone to multiple security weaknesses aka Key Reinstallation Attacks (KRACK)", "modified": "2018-10-26T00:00:00", "published": "2017-10-19T00:00:00", "id": "OPENVAS:1361412562310107191", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107191", "type": "openvas", "title": "Intel Active Management Technology WPA2 Key Reinstallation Vulnerabilities - KRACK", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_intel_amt_wpa2_krack.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Intel Active Management Technology WPA2 Key Reinstallation Vulnerabilities - KRACK\n#\n# Authors:\n# Tameem Eissa <tameem.eissa@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:intel:active_management_technology\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107191\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-19 13:48:56 +0700 (Thu, 19 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13080\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n\n script_name(\"Intel Active Management Technology WPA2 Key Reinstallation Vulnerabilities - KRACK\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_intel_amt_webui_detect.nasl\");\n script_mandatory_keys(\"intel_amt/installed\");\n\n script_tag(name:\"summary\", value:\"WPA2 as used in Intel Active Management Technology is prone to multiple security weaknesses aka Key Reinstallation Attacks (KRACK)\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Intel AMT firmware versions 2.5.x, 2.6, 4.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.0-11.8.\");\n\n script_tag(name:\"solution\", value:\"Intel is targeting an updated firmware release to System Manufacturers in early November 2017 to 
address the identified WPA2 vulnerabilities.\n Please contact System Manufacturers to ascertain availability of the updated firmware for their impacted systems.\n Until the firmware update is deployed, configuring Active Management Technology in TLS Mode to encrypt manageability\n network traffic is considered a reasonable mitigation for remote network man-in-the-middle or eavesdropping attacks.\");\n\n script_xref(name:\"URL\", value:\"https://www.intel.com/content/www/us/en/software/setup-configuration-software.html\");\n script_xref(name:\"URL\", value:\"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less(version: version, test_version: \"8\"))\n{\n report = report_fixed_ver(installed_version: version, fixed_version: \"None Available\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version =~ \"^(8(\\.[0-9]+)?|9(\\.[0-9]+)?|10(\\.[0-9]+)?)\" || version_in_range(version: version, test_version: \"11.0\", test_version2: \"11.8\"))\n{\n report = report_fixed_ver(installed_version: version, fixed_version: \"See Vendor\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-0561", "CVE-2017-13078", "CVE-2017-9417", "CVE-2016-0801", "CVE-2017-13081", "CVE-2017-13077"], "description": "Several vulnerabilities have been discovered in the firmware for\nBroadcom BCM43xx wifi chips that may lead to a privilege escalation\nor loss of confidentiality.\n\nCVE-2016-0801\n\nBroadgate Team discovered flaws in packet processing in the\nBroadcom wifi firmware and proprietary drivers that could 
lead to\nremote code execution. However, this vulnerability is not\nbelieved to affect the drivers used in Debian.\n\nCVE-2017-0561\n\nGal Beniamini of Project Zero discovered a flaw in the TDLS\nimplementation in Broadcom wifi firmware. This could be exploited\nby an attacker on the same WPA2 network to execute code on the\nwifi microcontroller.\n\nCVE-2017-9417 / #869639\n\nNitay Artenstein of Exodus Intelligence discovered a flaw in the\nWMM implementation in Broadcom wifi firmware. This could be\nexploited by a nearby attacker to execute code on the wifi\nmicrocontroller.\n\nCVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,\nCVE-2017-13081\n\nMathy Vanhoef of the imec-DistriNet research group of KU Leuven\ndiscovered multiple vulnerabilities in the WPA protocol used for\nauthentication in wireless networks, dubbed ", "modified": "2020-01-29T00:00:00", "published": "2018-11-13T00:00:00", "id": "OPENVAS:1361412562310891573", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891573", "type": "openvas", "title": "Debian LTS: Security Advisory for firmware-nonfree (DLA-1573-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891573\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-0801\", \"CVE-2017-0561\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\",\n \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-9417\");\n script_name(\"Debian LTS: Security Advisory for firmware-nonfree (DLA-1573-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-13 00:00:00 +0100 (Tue, 13 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"firmware-nonfree on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n20161130-4~deb8u1. 
This version also adds new firmware and packages\nfor use with Linux 4.9, and re-adds firmware-{adi, ralink} as\ntransitional packages.\n\nWe recommend that you upgrade your firmware-nonfree packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the firmware for\nBroadcom BCM43xx wifi chips that may lead to a privilege escalation\nor loss of confidentiality.\n\nCVE-2016-0801\n\nBroadgate Team discovered flaws in packet processing in the\nBroadcom wifi firmware and proprietary drivers that could lead to\nremote code execution. However, this vulnerability is not\nbelieved to affect the drivers used in Debian.\n\nCVE-2017-0561\n\nGal Beniamini of Project Zero discovered a flaw in the TDLS\nimplementation in Broadcom wifi firmware. This could be exploited\nby an attacker on the same WPA2 network to execute code on the\nwifi microcontroller.\n\nCVE-2017-9417 / #869639\n\nNitay Artenstein of Exodus Intelligence discovered a flaw in the\nWMM implementation in Broadcom wifi firmware. 
This could be\nexploited by a nearby attacker to execute code on the wifi\nmicrocontroller.\n\nCVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,\nCVE-2017-13081\n\nMathy Vanhoef of the imec-DistriNet research group of KU Leuven\ndiscovered multiple vulnerabilities in the WPA protocol used for\nauthentication in wireless networks, dubbed 'KRACK'.\n\nAn attacker exploiting the vulnerabilities could force the\nvulnerable system to reuse cryptographic session keys, enabling a\nrange of cryptographic attacks against the ciphers used in WPA1\nand WPA2.\n\nThese vulnerabilities are only being fixed for certain Broadcom\nwifi chips, and might still be present in firmware for other wifi\nhardware.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-adi\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-atheros\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-bnx2\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-bnx2x\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-brcm80211\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-intelwimax\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-ipw2x00\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-ivtv\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-iwlwifi\", ver:\"20161130-4~deb8u1\", 
rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-libertas\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-linux\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-linux-nonfree\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-myricom\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-netxen\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-qlogic\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-ralink\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-realtek\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-samsung\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firmware-ti-connectivity\", ver:\"20161130-4~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-10-21T00:00:00", "id": "OPENVAS:1361412562310873515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873515", "type": "openvas", "title": "Fedora Update for wpa_supplicant FEDORA-2017-12e76e8364", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_12e76e8364_wpa_supplicant_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for wpa_supplicant FEDORA-2017-12e76e8364\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873515\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-21 09:52:30 +0200 (Sat, 21 Oct 2017)\");\n script_cve_id(\"CVE-2017-13082\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2017-13077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wpa_supplicant FEDORA-2017-12e76e8364\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
'wpa_supplicant'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wpa_supplicant on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-12e76e8364\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2O6SYMGH6E5OY5UT6UM342YZWGFEABN3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~3.fc25.1\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Cisco IP Phone 8865 is prone to key reinstallation attacks against\nWPA protocol.", "modified": "2018-10-26T00:00:00", "published": "2017-10-25T00:00:00", "id": "OPENVAS:1361412562310140452", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140452", "type": "openvas", "title": "Cisco IP Phone 8865 Multiple WPA2 Vulnerabilities", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ip_phone_8865_cisco-sa-20171016-wpa.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco IP Phone 8865 Multiple WPA2 Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140452\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-25 10:19:05 +0700 (Wed, 25 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\",\n \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cisco IP Phone 8865 Multiple WPA2 
Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CISCO\");\n script_dependencies(\"gb_cisco_ip_phone_detect.nasl\");\n script_mandatory_keys(\"cisco/ip_phone/model\");\n\n script_tag(name:\"summary\", value:\"Cisco IP Phone 8865 is prone to key reinstallation attacks against\nWPA protocol.\");\n\n script_tag(name:\"insight\", value:\"On October 16th, 2017, a research paper with the title of 'Key\nReinstallation Attacks: Forcing Nonce Reuse in WPA2' was made publicly available. This paper discusses seven\nvulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected\nAccess II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a\ngroup key, or an integrity key on either a wireless client or a wireless access point. Additional research also\nled to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless\nsupplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless\nNetwork Management) standard. 
The three additional vulnerabilities could also allow the reinstallation of a\npairwise key, group key, or integrity group key.\");\n\n script_tag(name:\"impact\", value:\"An attacker within the wireless communications range of an affected AP and\nclient may leverage packet decryption and injection, TCP connection hijacking, HTTP content injection, or the\nreplay of unicast, broadcast, and multicast frames.\");\n\n script_tag(name:\"solution\", value:\"Update to version 12.0.1SR1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif (!model = get_kb_item(\"cisco/ip_phone/model\"))\n exit(0);\n\nif (model =~ \"^CP-8865\") {\n if (!version = get_kb_item(\"cisco/ip_phone/version\"))\n exit(0);\n\n version = eregmatch(pattern: \"sip8845_65\\.([0-9SR-]+)\", string: version);\n\n if (!isnull(version[1])) {\n version = ereg_replace(string: version[1], pattern: \"-\", replace: \".\");\n if (version_is_less(version: version, test_version: \"12.0.1SR1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.0.1SR1\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Cisco IP Phone 8861 is prone to key reinstallation attacks against\nWPA protocol.", "modified": "2018-10-26T00:00:00", "published": "2017-10-25T00:00:00", "id": "OPENVAS:1361412562310140451", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140451", "type": "openvas", "title": "Cisco IP Phone 8861 Multiple WPA2 Vulnerabilities", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ip_phone_8861_cisco-sa-20171016-wpa.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco IP Phone 8861 Multiple WPA2 Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140451\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-25 10:08:52 +0700 (Wed, 25 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\",\n \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cisco IP Phone 8861 Multiple WPA2 
Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CISCO\");\n script_dependencies(\"gb_cisco_ip_phone_detect.nasl\");\n script_mandatory_keys(\"cisco/ip_phone/model\");\n\n script_tag(name:\"summary\", value:\"Cisco IP Phone 8861 is prone to key reinstallation attacks against\nWPA protocol.\");\n\n script_tag(name:\"insight\", value:\"On October 16th, 2017, a research paper with the title of 'Key\nReinstallation Attacks: Forcing Nonce Reuse in WPA2' was made publicly available. This paper discusses seven\nvulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected\nAccess II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a\ngroup key, or an integrity key on either a wireless client or a wireless access point. Additional research also\nled to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless\nsupplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless\nNetwork Management) standard. 
The three additional vulnerabilities could also allow the reinstallation of a\npairwise key, group key, or integrity group key.\");\n\n script_tag(name:\"impact\", value:\"An attacker within the wireless communications range of an affected AP and\nclient may leverage packet decryption and injection, TCP connection hijacking, HTTP content injection, or the\nreplay of unicast, broadcast, and multicast frames.\");\n\n script_tag(name:\"solution\", value:\"Update to version 12.0.1SR1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif (!model = get_kb_item(\"cisco/ip_phone/model\"))\n exit(0);\n\nif (model =~ \"^CP-8861\") {\n if (!version = get_kb_item(\"cisco/ip_phone/version\"))\n exit(0);\n\n version = eregmatch(pattern: \"sip88xx\\.([0-9SR-]+)\", string: version);\n\n if (!isnull(version[1])) {\n version = ereg_replace(string: version[1], pattern: \"-\", replace: \".\");\n if (version_is_less(version: version, test_version: \"12.0.1SR1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.0.1SR1\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-10-21T00:00:00", "id": "OPENVAS:1361412562310873510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873510", "type": "openvas", "title": "Fedora Update for wpa_supplicant FEDORA-2017-60bfb576b7", "sourceData": "###############################################################################\n# 
OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_60bfb576b7_wpa_supplicant_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for wpa_supplicant FEDORA-2017-60bfb576b7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873510\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-21 09:52:00 +0200 (Sat, 21 Oct 2017)\");\n script_cve_id(\"CVE-2017-13082\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2017-13077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wpa_supplicant FEDORA-2017-60bfb576b7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa_supplicant'\n package(s) announced via the referenced advisory.\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wpa_supplicant on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-60bfb576b7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QU3OES2BGSLFQGSDGNMTUWDQFC3JJ2Q\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~11.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-10-18T00:00:00", "id": "OPENVAS:1361412562310851627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851627", "type": "openvas", "title": "openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2017:2755-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are 
Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851627\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-10-18 16:54:50 +0200 (Wed, 18 Oct 2017)\");\n script_cve_id(\"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\",\n \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"2.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2017:2755-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa_supplicant'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for wpa_supplicant fixes the security issues:\n\n - Several vulnerabilities in standard conforming implementations of the\n WPA2 protocol 
have been discovered and published under the code name\n KRACK. This update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface properly with both\n vulnerable and patched implementations of WPA2, but an attacker won't be\n able to exploit the KRACK weaknesses in those connections anymore even\n if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078,\n CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"wpa_supplicant on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2755-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.2~9.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-debuginfo\", rpm:\"wpa_supplicant-debuginfo~2.2~9.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-debugsource\", rpm:\"wpa_supplicant-debugsource~2.2~9.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-gui\", rpm:\"wpa_supplicant-gui~2.2~9.3.1\", 
rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-gui-debuginfo\", rpm:\"wpa_supplicant-gui-debuginfo~2.2~9.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.2~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-debuginfo\", rpm:\"wpa_supplicant-debuginfo~2.2~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-debugsource\", rpm:\"wpa_supplicant-debugsource~2.2~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-gui\", rpm:\"wpa_supplicant-gui~2.2~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-gui-debuginfo\", rpm:\"wpa_supplicant-gui-debuginfo~2.2~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:35:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171241", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171241", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2017-1241)", "sourceData": "# Copyright (C) 2020 
Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1241\");\n script_version(\"2020-01-23T11:00:31+0000\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:00:31 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:00:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2017-1241)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n 
script_xref(name:\"EulerOS-SA\", value:\"2017-1241\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1241\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wpa_supplicant' package(s) announced via the EulerOS-SA-2017-1241 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081)\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == 
\"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~5.1.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-11-23T00:00:00", "id": "OPENVAS:1361412562310873667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873667", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2017-fc21e3856b", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_fc21e3856b_hostapd_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for hostapd FEDORA-2017-fc21e3856b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873667\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:05:54 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\",\n \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for hostapd FEDORA-2017-fc21e3856b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"hostapd on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-fc21e3856b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ACQBCSWVEYIR6CEXGZBHR23QKXANVOS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~2.6~6.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "hp": [{"lastseen": "2020-10-13T01:02:16", "bulletinFamily": "software", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13081", "CVE-2017-13077"], "description": "## Potential Security Impact\nKRACK Attacks \n\n## VULNERABILITY SUMMARY\nOn October 16, security researchers publicly announced vulnerabilities in the WiFi WPA2 standard. See the References section below for links to additional resources describing the KRACK Attacks WPA2 potential vulnerabilities in detail.\n\nThe HP printing devices and networking accessories listed below are susceptible to the applicable vulnerabilities (CVE) noted in the References section below. 
However, the vulnerabilities described in the CVEs can be mitigated for each of these devices and accessories as set forth in the Workarounds section below.\n\n * HP LaserJet Enterprise printers and multifunction printers\n\n * HP LaserJet Managed printers and multifunction printers\n\n * HP LaserJet Pro printers and multifunction printers\n\n * HP PageWide Enterprise printers and multifunction printers\n\n * HP PageWide Pro printers and multifunction printers\n\n * HP OfficeJet Enterprise series printers and multifunction printers\n\n * HP OfficeJet Pro printers and multifunction printers\n\n * HP Inkjet (DeskJet, Envy, PhotoSmart) printers and multifunction printers\n\n * HP DesignJet large format printers\n\n * HP JetDirect wireless print server accessories\n\n## RESOLUTION\nCustomers may mitigate risk for the identified vulnerabilities through one of the methods listed below. Devices vary in configuration procedures, so please refer to the product user guide for specific instructions.\n\n * Do not use unpatched clients to connect to the print device Wi-Fi Direct network. Wi-Fi Direct implementation is not impacted, but unpatched mobile devices could be subject to attack when connecting to Wi-Fi Direct\n\n * Configure the wireless access point or printer to only allow WPA2-AES/CCMP mode, thus disabling WPA-TKIP\n\n * Use only TLS enabled protocols to communicate with the printer\n\n * Turning off printer Wi-Fi and using Ethernet or USB\n\n**What can you do?**\n\nSubscribe to HP real-time security information: All HP products use a common centralized Security Bulletin process managed by HP\u00b4s Product Security Response Team (PSRT). Subscribe to HP Security Bulletins by following these steps:\n\n 1. Go to <http://www.hp.com/go/support>. \n\n 2. Click **Get software and drivers**. \n\n 3. Find your product.\n\n 4. Scroll to the bottom of the page and under **Other support resources**, click **Sign up for driver, support & security alerts**. \n\n 5. 
Follow the onscreen prompts to sign up for alerts.\n", "edition": 2, "modified": "2018-01-09T00:00:00", "published": "2018-01-09T00:00:00", "id": "HP:C05872536", "href": "https://support.hp.com/us-en/document/c05872536", "title": "HP Printing Security Advisory - KRACK Attacks Potential Vulnerabilities", "type": "hp", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T13:21:46", "bulletinFamily": "software", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13081", "CVE-2017-13077"], "description": "## Potential Security Impact\nRemote disclosure of information.\n\n**Source:** Mathy Vanhoef of imec-DistriNet, KU Leuven \n\n## VULNERABILITY SUMMARY\nA potential security vulnerability has been identified with certain HP Printers and MFPs, and HP JetDirect Networking accessories using WPA or WPA2. This vulnerability, known as Key Reinstallation Attacks or \u201cKRACK attacks\u201d, could potentially be exploited remotely to allow disclosure of information.\n\n## RESOLUTION\nHP has provided firmware updates for potentially impacted printers for the products listed in the table below. \n\nTo obtain the updated firmware, go to the HP Software site and search for your printer model. \n\n> note:\n> \n> Some FutureSmart printers have multiple firmware platforms\u2014FutureSmart 3 (FS3) and FutureSmart 4 (FS4). Select the appropriate firmware version for the required FutureSmart platform.\n\n> note:\n> \n> For firmware marked with *, please [contact HP](<https://support.hp.com/contact-hp>) support to obtain the firmware update. 
\n\nProduct Name\n\n| \n\nModel Number\n\n| \n\nFirmware Revision \n \n---|---|--- \n \nHP LaserJet Enterprise M506 (4-line display)\n\n| \n\nF2A68A, F2A69A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nHP LaserJet Enterprise M506 (4-line display)\n\n| \n\nF2A66A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nHP LaserJet Enterprise M506\n\n| \n\nF2A70A, F2A71A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nFS4: 2405135_000396 (or higher)* \n \nHP LaserJet Managed M506\n\n| \n\nF2A67A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nFS4: 2405135_000396 (or higher)* \n \nHP Color LaserJet Enterprise M551\n\n| \n\nCF081A, CF082A,CF083A\n\n| \n\nFS3: 2308937_578506 (or higher) \n \nHP Color LaserJet Enterprise M552\n\n| \n\nB5L23A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nHP Color LaserJet Enterprise M553 (4-line display)\n\n| \n\nB5L24A, B5L25A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nHP Color LaserJet Managed M553 series (4-line display)\n\n| \n\nB5L38A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nHP Color LaserJet Enterprise M553\n\n| \n\nB5L26A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nFS4: 2405135_000400 (or higher)* \n \nHP Color LaserJet Enterprise M553\n\n| \n\nB5L39A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nFS4: 2405135_000400 (or higher)* \n \nHP OfficeJet Enterprise Color X555\n\n| \n\nC2S11A, C2S11V, C2S12A, C2S12V, L1H45A\n\n| \n\nFS3: 2308937_578482 (or higher) \n \nFS4: 2405135_000398 (or higher) \n \nHP PageWide Enterprise Color 556\n\n| \n\nG1W46A, G1W46V, G1W47A, G1W47V, L3U44A\n\n| \n\nFS3: 2308937_578491 (or higher) \n \nFS4: 2405135_000394 (or higher) \n \nHP PageWide Managed Color E55650 series\n\n| \n\nL3U44A\n\n| \n\nFS3: 2308937_578491 (or higher) \n \nFS4: 2405135_000394 (or higher) \n \nHP LaserJet Enterprise M601\n\n| \n\nCE989A, CE990A\n\n| \n\nFS3: 2308937_578503 (or higher) \n \nHP LaserJet Enterprise M602 \n\n| \n\nCE991A, CE992A, CE993A\n\n| \n\nFS3: 2308937_578503 (or higher) \n \nHP LaserJet Enterprise M603 \n\n| 
\n\nCE994A, CE995A, CE996A\n\n| \n\nFS3: 2308937_578503 (or higher) \n \nHP LaserJet Enterprise M604 \n\n| \n\nE6B67A, E6B68A \n\n| \n\nFS3: 2308937_578490 (or higher) \n \nHP LaserJet Enterprise M605 (4-line display)\n\n| \n\nE6B69A, E6B70A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nHP LaserJet Enterprise M605 \n\n| \n\nE6B71A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nFS4: 2405135_000395 (or higher)* \n \nHP LaserJet Enterprise M606 (4-line display)\n\n| \n\nE6B72A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nHP LaserJet Enterprise M606 \n\n| \n\nE6B73A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nFS4: 2405135_000395 (or higher)* \n \nHP LaserJet Enterprise M607 \n\n| \n\nK0Q14A, K0Q15A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Enterprise M608 \n\n| \n\nK0Q17A, K0Q18A, M0P32A, K0Q19A \n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Enterprise M609\n\n| \n\nK0Q20A, K0Q21A, K0Q22A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Managed E60055 \n\n| \n\nM0P33A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Managed E60065 \n\n| \n\nM0P35A, M0P36A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Managed E60075 \n\n| \n\nM0P39A, M0P40A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP Color LaserJet Enterprise M651\n\n| \n\nCZ255A, CZ256A, CZ257A, CZ258A\n\n| \n\nFS3: 2308937_578497 (or higher) \n \nHP Color LaserJet Managed M651 series\n\n| \n\nH0DC9A, L8Z07A\n\n| \n\nFS3: 2308937_578497 (or higher) \n \nFS4: 2405135_000389 (or higher) \n \nHP Color LaserJet Enterprise M652\n\n| \n\nJ7Z98A, J7Z99A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP Color LaserJet Enterprise M653\n\n| \n\nJ8A04A, J8A05A, J8A06A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP Color LaserJet Managed E65050\n\n| \n\nL3U55A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP Color LaserJet Managed E65060\n\n| \n\nL3U56A, L3U57A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP LaserJet Enterprise M712\n\n| \n\nCF235A, CF236A, 
CF238A\n\n| \n\nFS3: 2308937_578504 (or higher) \n \nHP Color LaserJet Enterprise M750\n\n| \n\nD3L08A, D3L09A, D3L10A\n\n| \n\nFS3: 2308937_578501 (or higher) \n \nHP PageWide Enterprise Color 765\n\n| \n\nJ7Z04A\n\n| \n\nFS4: 2405347_024812 (or higher) \n \nHP PageWide Managed Color E75160\n\n| \n\nJ7Z06A\n\n| \n\nFS4: 2405347_024812 (or higher) \n \nHP LaserJet Enterprise M806 \n\n| \n\nCZ244A, CZ245A\n\n| \n\nFS3: 2308937_578500 (or higher) \n \nFS4: 2405135_000404 (or higher) \n \nHP Color LaserJet Enterprise M855\n\n| \n\nA2W77A, A2W78A, A2W79A, D7P73A\n\n| \n\nFS3: 2308937_578499 (or higher)) \n \nFS4: 2405135_000399 (or higher) \n \nHP LaserJet Enterprise MFP M525\n\n| \n\nCF116A, CF117A\n\n| \n\nFS3: 2308937_578493 (or higher) \n \nFS4: 2405135_000390 (or higher) \n \nHP LaserJet Enterprise flow MFP M525\n\n| \n\nCF118A\n\n| \n\nFS3: 2308937_578493 (or higher) \n \nFS4: 2405135_000390 (or higher) \n \nHP LaserJet Managed MFP M525 series\n\n| \n\nL3U59A , L3U60A\n\n| \n\nFS3: 2308937_578493 (or higher) \n \nFS4: 2405135_000390 (or higher) \n \nHP LaserJet Enterprise MFP M527\n\n| \n\nF2A76A, F2A77A, F2A81A\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Flow MFP M527\n\n| \n\nF2A78V\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Managed MFP M527\n\n| \n\nF2A79A\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Managed Flow MFP M527\n\n| \n\nF2A80A\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Color MFP M575\n\n| \n\nCD644A, CD645A\n\n| \n\nFS3: 2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP Color LaserJet 500 Color Flow MFP M575 series\n\n| \n\nCD646A\n\n| \n\nFS3: 2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP LaserJet Enterprise Managed MFP M575\n\n| \n\nL3U46A\n\n| \n\nFS3: 
2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP Color LaserJet Managed Flow MFP M575 series\n\n| \n\nL3U45A\n\n| \n\nFS3: 2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP Color LaserJet Enterprise MFP M577\n\n| \n\nB5L46A, B5L47A\n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M577\n\n| \n\nB5L48A, B5L54A \n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP Color LaserJet Managed MFP M577 series\n\n| \n\nB5L49A\n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP Color LaserJet Managed Flow MFP M577 series\n\n| \n\nB5L50A\n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP OfficeJet Enterprise Color MFP X585\n\n| \n\nB5L04A, B5L05A\n\n| \n\nFS3: 2308937_578483 (or higher) \n \nFS4: 2405135_000392 (or higher) \n \nHP OfficeJet Enterprise Color Flow MFP X585\n\n| \n\nB5L06A, B5L07A\n\n| \n\nFS3: 2308937_578483 (or higher) \n \nFS4: 2405135_000392 (or higher) \n \nHP OfficeJet Managed Color MFP X585\n\n| \n\nL3U40A, L3U41A\n\n| \n\nFS3: 2308937_578483 (or higher) \n \nFS4: 2405135_000392 (or higher) \n \nHP PageWide Enterprise Color MFP 586\n\n| \n\nG1W39A, G1W39V, G1W40A, G1W40V\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP PageWide Enterprise Color Flow MFP 586\n\n| \n\nG1W41A, G1W41V\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP PageWide Managed Color MFP E58650 series\n\n| \n\nL3U42A\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP PageWide Managed Color MFP Flow E58650 series\n\n| \n\nL3U43A\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP LaserJet Enterprise MFP M630\n\n| \n\nB3G85A, J7X28A, B3G84A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet 
Enterprise Flow MFP M630\n\n| \n\nP7Z47A, B3G86A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet Managed MFP M630\n\n| \n\nL3U61A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet Managed Flow MFP M630\n\n| \n\nL3U62A, P7Z48A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet Enterprise MFP M631\n\n| \n\nJ8J64A, J8J63A, J8J65A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Enterprise MFP M632\n\n| \n\nJ8J70A, J8J71A, J8J72A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Enterprise MFP M633\n\n| \n\nJ8J76A, J8J78A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed MFP E62555dn\n\n| \n\nJ8J66A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed Flow MFP E62555dn\n\n| \n\nJ8J67A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed MFP E62565hs\n\n| \n\nJ8J73A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed Flow MFP E62565h, z\n\n| \n\nJ8J74A, J8J79A \n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed Flow MFP E62575z\n\n| \n\nJ8J80A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP Color LaserJet Enterprise MFP M680\n\n| \n\nCZ248A, CZ249A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M680\n\n| \n\nCZ250A, CA251A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Managed MFP M680\n\n| \n\nL3U47A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Managed Flow MFP M680\n\n| \n\nL3U48A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Enterprise MFP M681\n\n| \n\nJ8A10A, J8A11A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M681f\n\n| \n\nJ8A12A, J8A13A\n\n| \n\nFS4: 2405135_000382 (or 
higher) \n \nHP Color LaserJet Enterprise Flow MFP M682\n\n| \n\nJ8A17A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Enterprise MFP M682\n\n| \n\nJ8A16A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed Flow MFP E67550\n\n| \n\nL3U67A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed Flow MFP E67560\n\n| \n\nL3U70A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed MFP E67550d\n\n| \n\nL3U66A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed MFP E67560d\n\n| \n\nL3U69A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP LaserJet Enterprise MFP M725\n\n| \n\nCF066A, CF067A, CF068A, CF069A\n\n| \n\nFS3: 2308937_578498 (or higher) \n \nFS4: 2405135_000401 (or higher) \n \nHP LaserJet Managed MFP 725 series\n\n| \n\nL3U63A, L3U64A\n\n| \n\nFS3: 2308937_578498 (or higher) \n \nFS4: 2405135_000401 (or higher) \n \nHP LaserJet Enterprise 700 color MFP M775 series\n\n| \n\nCC522A, CC523A, CC524A\n\n| \n\nFS3: 2308937_578505 (or higher) \n \nFS4: 2405135_000405 (or higher) \n \nHP Color LaserJet Managed MFP M775 series\n\n| \n\nL3U49A, L3U50A\n\n| \n\nFS3: 2308937_578505 (or higher) \n \nFS4: 2405135_000405 (or higher) \n \nHP PageWide Enterprise Color MFP 780\n\n| \n\nJ7Z10A, J7Z09A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Enterprise Color MFP 785\n\n| \n\nJ7Z11A, J7Z12A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color MFP E77650\n\n| \n\nJ7Z05A, J7Z08A, J7A13A, J7Z14A, Z5G79A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color Flow MFP E77650\n\n| \n\nJ7Z08A, J7Z14A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color Flow MFP E77660\n\n| \n\nZ5G77A, J7Z03A, J7Z07A, J7Z05A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color MFP E77650\n\n| \n\nJ7Z13A, Z5G79A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP LaserJet Enterprise Flow MFP M830z\n\n| \n\nCF367A, D7P68A\n\n| 
\n\nFS3: 2308937_578495 (or higher) \n \nFS4: 2405135_000402 (or higher) \n \nHP LaserJet Managed Flow MFP M830 series\n\n| \n\nL3U65A\n\n| \n\nFS3: 2308937_578495 (or higher) \n \nFS4: 2405135_000402 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M880\n\n| \n\nA2W76A, A2W75A, D7P70A, D7P71A, D7P68A\n\n| \n\nFS3: 2308937_578494 (or higher) \n \nFS4: 2405135_000397 (or higher) \n \nHP Color LaserJet Managed MFP M880 series\n\n| \n\nL3U51A, L3U52A, L3U65A\n\n| \n\nFS3: 2308937_578494 (or higher) \n \nFS4: 2405135_000397 (or higher) \n \nHP LaserJet Managed MFP E82540 series\n\n| \n\nX3A69A, X3A68A, Z8Z19A, Z8Z18A\n\n| \n\nFS4: 2405347_024815 (or higher) \n \nHP LaserJet Managed MFP E82550\n\n| \n\nX3A72A, X3A71A, Z8Z21A, Z8Z20A\n\n| \n\nFS4: 2405347_024815 (or higher) \n \nHP LaserJet Managed MFP E82560\n\n| \n\nX3A79A, Z8Z23A, Z8Z22A, X3A75A, X3A74A\n\n| \n\nFS4: 2405347_024815 (or higher) \n \nHP LaserJet Managed MFP E72525\n\n| \n\nX3A59A, X3A60A, Z8Z06A, Z8Z07A\n\n| \n\nFS4: 2405347_024821 (or higher) \n \nHP LaserJet Managed MFP E72530\n\n| \n\nX3A62A, X3A63, Z8Z09A, Z8Z08A\n\n| \n\nFS4: 2405347_024821 (or higher) \n \nHP LaserJet Managed MFP E72535\n\n| \n\nX3A65, X3A66A, Z8Z11A, Z8Z10A\n\n| \n\nFS4: 2405347_024821 (or higher) \n \nHP Color LaserJet Managed MFP E87640\n\n| \n\nX3A87A, X3A86A, Z8Z12A, Z8Z13A\n\n| \n\nFS4: 2405347_024814 (or higher) \n \nHP Color LaserJet Managed MFP E87650\n\n| \n\nX3A90A, X3A89A, Z8Z14A, Z8Z15A\n\n| \n\nFS4: 2405347_024814 (or higher) \n \nHP Color LaserJet Managed MFP E87660\n\n| \n\nX3A92A, X3A93A, Z8Z16A, Z8Z17A\n\n| \n\nFS4: 2405347_024814 (or higher) \n \nHP Color LaserJet Managed MFP E77822\n\n| \n\nX3A78A, X3A77A, Z8Z00A, Z8Z01A\n\n| \n\nFS4: 2405347_024820 (or higher) \n \nHP Color LaserJet Managed MFP E77825\n\n| \n\nX3A81A, X3A80A, Z8Z02A, Z8Z03A\n\n| \n\nFS4: 2405347_024820 (or higher) \n \nHP Color LaserJet Managed MFP E77830\n\n| \n\nX3A84A, X3A83A, Z8Z05A, Z8Z04A\n\n| \n\nFS4: 2405347_024820 (or higher) \n 
\nHP Digital Sender Flow 8500 fn1 Document Capture Workstation\n\n| \n\nL2717A\n\n| \n\nFS3: 2308937_578486 (or higher) \n \nHP Digital Sender Flow 8500 fn2 Document Capture Workstation\n\n| \n\nL2762A\n\n| \n\nFS4: 2405135_000408 (or higher) \n \nHP JetDirect 3000w\n\n| \n\nJ8030A\n\n| \n\nLocate firmware for print product \n \nHP JetDirect 2900nw\n\n| \n\nJ8031A\n\n| \n\nLocate firmware for print product \n \nHP DesignJet T730 36-in Printer\n\n| \n\nF9A29A, F9A29B\n\n| \n\n1840A (or higher) \n \nHP DesignJet T730 with Rugged Case\n\n| \n\nT5D66A\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 36-in Multifunction Printer\n\n| \n\nF9A30A, F9A30B\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 MFP with Rugged Case \n\n| \n\nT5D67A\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 MFP with armor case\n\n| \n\n1JL02A\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 24-in MFP Printer\n\n| \n\nF9A28A, F9A28B\n\n| \n\n1840A (or higher) \n \nHP DesignJet T120 24-in Printer\n\n| \n\nCQ891A, CQ891B\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T120 24-in 2018 ed. Printer\n\n| \n\nCQ891C\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 24-in Printer\n\n| \n\nCQ890A, CQ890B\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 24-in 2018 ed. Printer\n\n| \n\nCQ890C\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 36-in Printer \n\n| \n\nCQ893A, CQ893B\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 36-in 2018 ed. Printer\n\n| \n\nCQ893C\n\n| \n\n1809AR (or higher)\n", "edition": 4, "modified": "2020-08-19T00:00:00", "published": "2018-01-12T00:00:00", "id": "HP:C05876244", "href": "https://support.hp.com/us-en/document/c05876244", "title": "HPSBPI03574 rev. 
2 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products", "type": "hp", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-17T13:29:00", "title": "CVE-2017-13079", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13079"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", 
"cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", 
"cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-17T13:29:00", "title": "CVE-2017-13081", "type": 
"cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13081"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", 
"cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13081", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-17T13:29:00", "title": "CVE-2017-13078", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13078"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", 
"cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", 
"cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13078", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-10-17T02:29:00", "title": "CVE-2017-13077", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", 
"cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13077", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", 
"cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to 
replay frames from access points to clients.", "edition": 6, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-17T13:29:00", "title": "CVE-2017-13080", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080"], "modified": "2020-11-10T21:15:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", 
"cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", 
"cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13080", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", 
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-03-01T01:25:08", "description": "The version of ArubaOS on the remote device is affected by\nmultiple vulnerabilities related to the KRACK attacks. This may\nallow an attacker to decrypt, replay, and forge some frames on \na WPA2 encrypted network.\n\nNote: ArbuaOS devices are only vulnerable to CVE-2017-13077, \nCVE-2017-13078,CVE-2017-13079, CVE-2017-13080, and CVE-2017-13081 \nwhile operating as a Wi-Fi supplicant in Mesh mode.", "edition": 37, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-10-16T00:00:00", "title": "ArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13081", "CVE-2017-13077"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:arubanetworks:arubaos"], "id": "ARUBAOS_KRACK.NASL", "href": "https://www.tenable.com/plugins/nessus/103855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103855);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n 
\"CVE-2017-13082\"\n );\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"ArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK)\");\n script_summary(english:\"Checks the ArubaOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of ArubaOS is affected by a MitM vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ArubaOS on the remote device is affected by\nmultiple vulnerabilities related to the KRACK attacks. This may\nallow an attacker to decrypt, replay, and forge some frames on \na WPA2 encrypted network.\n\nNote: ArbuaOS devices are only vulnerable to CVE-2017-13077, \nCVE-2017-13078,CVE-2017-13079, CVE-2017-13080, and CVE-2017-13081 \nwhile operating as a Wi-Fi supplicant in Mesh mode.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to 6.3.1.25 / 6.4.4.16 / 6.5.1.9\n / 6.5.3.3 / 6.5.4.2 / 8.1.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/16\");\n\n 
script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:arubanetworks:arubaos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"arubaos_detect.nbin\");\n script_require_keys(\"Host/ArubaNetworks/model\", \"Host/ArubaNetworks/ArubaOS/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nmodel = get_kb_item_or_exit(\"Host/ArubaNetworks/model\");\ndisplay_version = get_kb_item_or_exit(\"Host/ArubaNetworks/ArubaOS/version\");\n\nif(report_paranoia < 2) audit(AUDIT_POTENTIAL_VULN, \"ArubaOS\", display_version);\n\n# Version may contain -FIPS at the end, unable to verify\nversion = ereg_replace(pattern:\"-FIPS\", replace:\"\", string:display_version);\nfix = NULL;\n # -- ArubaOS (all versions prior to 6.3.1.25)\n # -- ArubaOS 6.4 prior to 6.4.4.16\n # -- ArubaOS 6.5.0.x\n # -- ArubaOS 6.5.1 prior to 6.5.1.9\n # -- ArubaOS 6.5.2.x\n # -- ArubaOS 6.5.3 prior to 6.5.3.3\n # -- ArubaOS 6.5.4 prior to 6.5.4.2\n # -- ArubaOS 8.x prior to 8.1.0.4\n\nif ( version =~ \"^8\\.\" ) fix = \"8.1.0.4\";\nelse if ( version =~ \"^6\\.5\\.4\" ) fix = \"6.5.4.2\";\nelse if ( version =~ \"^6\\.5\\.[23]\" ) fix = \"6.5.3.3\";\nelse if ( version =~ \"^6\\.5\\.[01]\" ) fix = \"6.5.1.9\";\nelse if ( version =~ \"^6\\.4\" ) fix = \"6.4.4.16\";\nelse fix = \"6.3.1.25\";\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{ \n if (\"FIPS\" >< display_version) fix += \"-FIPS\";\n report =\n '\\n Model : ' + model +\n '\\n Installed version : ' + display_version +\n '\\n Fixed 
version : ' + fix +\n '\\n';\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);\n}\nelse audit(AUDIT_DEVICE_NOT_VULN, \"The ArubaOS device\", display_version);\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:40:03", "description": "Several vulnerabilities have been discovered in the firmware for\nBroadcom BCM43xx wifi chips that may lead to a privilege escalation or\nloss of confidentiality.\n\nCVE-2016-0801\n\nBroadgate Team discovered flaws in packet processing in the Broadcom\nwifi firmware and proprietary drivers that could lead to remote code\nexecution. However, this vulnerability is not believed to affect the\ndrivers used in Debian.\n\nCVE-2017-0561\n\nGal Beniamini of Project Zero discovered a flaw in the TDLS\nimplementation in Broadcom wifi firmware. This could be exploited by\nan attacker on the same WPA2 network to execute code on the wifi\nmicrocontroller.\n\nCVE-2017-9417 / #869639\n\nNitay Artenstein of Exodus Intelligence discovered a flaw in the WMM\nimplementation in Broadcom wifi firmware. This could be exploited by a\nnearby attacker to execute code on the wifi microcontroller.\n\nCVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,\nCVE-2017-13081\n\nMathy Vanhoef of the imec-DistriNet research group of KU Leuven\ndiscovered multiple vulnerabilities in the WPA protocol used for\nauthentication in wireless networks, dubbed 'KRACK'.\n\nAn attacker exploiting the vulnerabilities could force the\nvulnerable system to reuse cryptographic session keys,\nenabling a range of cryptographic attacks against the\nciphers used in WPA1 and WPA2.\n\nThese vulnerabilities are only being fixed for certain\nBroadcom wifi chips, and might still be present in firmware\nfor other wifi hardware.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n20161130-4~deb8u1. 
This version also adds new firmware and packages\nfor use with Linux 4.9, and re-adds firmware-{adi,ralink} as\ntransitional packages.\n\nWe recommend that you upgrade your firmware-nonfree packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-13T00:00:00", "title": "Debian DLA-1573-1 : firmware-nonfree security update (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-0561", "CVE-2017-13078", "CVE-2017-9417", "CVE-2016-0801", "CVE-2017-13081", "CVE-2017-13077"], "modified": "2018-11-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firmware-myricom", "p-cpe:/a:debian:debian_linux:firmware-bnx2", "p-cpe:/a:debian:debian_linux:firmware-netxen", "p-cpe:/a:debian:debian_linux:firmware-qlogic", "p-cpe:/a:debian:debian_linux:firmware-cavium", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:firmware-ralink", "p-cpe:/a:debian:debian_linux:firmware-amd-graphics", "p-cpe:/a:debian:debian_linux:firmware-ivtv", "p-cpe:/a:debian:debian_linux:firmware-siano", "p-cpe:/a:debian:debian_linux:firmware-intelwimax", "p-cpe:/a:debian:debian_linux:firmware-linux-nonfree", "p-cpe:/a:debian:debian_linux:firmware-atheros", "p-cpe:/a:debian:debian_linux:firmware-brcm80211", "p-cpe:/a:debian:debian_linux:firmware-misc-nonfree", "p-cpe:/a:debian:debian_linux:firmware-realtek", "p-cpe:/a:debian:debian_linux:firmware-intel-sound", "p-cpe:/a:debian:debian_linux:firmware-iwlwifi", "p-cpe:/a:debian:debian_linux:firmware-samsung", "p-cpe:/a:debian:debian_linux:firmware-ti-connectivity", "p-cpe:/a:debian:debian_linux:firmware-adi", "p-cpe:/a:debian:debian_linux:firmware-linux", 
"p-cpe:/a:debian:debian_linux:firmware-libertas", "p-cpe:/a:debian:debian_linux:firmware-bnx2x", "p-cpe:/a:debian:debian_linux:firmware-ipw2x00"], "id": "DEBIAN_DLA-1573.NASL", "href": "https://www.tenable.com/plugins/nessus/118888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1573-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118888);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0801\", \"CVE-2017-0561\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-9417\");\n\n script_name(english:\"Debian DLA-1573-1 : firmware-nonfree security update (KRACK)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the firmware for\nBroadcom BCM43xx wifi chips that may lead to a privilege escalation or\nloss of confidentiality.\n\nCVE-2016-0801\n\nBroadgate Team discovered flaws in packet processing in the Broadcom\nwifi firmware and proprietary drivers that could lead to remote code\nexecution. However, this vulnerability is not believed to affect the\ndrivers used in Debian.\n\nCVE-2017-0561\n\nGal Beniamini of Project Zero discovered a flaw in the TDLS\nimplementation in Broadcom wifi firmware. 
This could be exploited by\nan attacker on the same WPA2 network to execute code on the wifi\nmicrocontroller.\n\nCVE-2017-9417 / #869639\n\nNitay Artenstein of Exodus Intelligence discovered a flaw in the WMM\nimplementation in Broadcom wifi firmware. This could be exploited by a\nnearby attacker to execute code on the wifi microcontroller.\n\nCVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,\nCVE-2017-13081\n\nMathy Vanhoef of the imec-DistriNet research group of KU Leuven\ndiscovered multiple vulnerabilities in the WPA protocol used for\nauthentication in wireless networks, dubbed 'KRACK'.\n\nAn attacker exploiting the vulnerabilities could force the\nvulnerable system to reuse cryptographic session keys,\nenabling a range of cryptographic attacks against the\nciphers used in WPA1 and WPA2.\n\nThese vulnerabilities are only being fixed for certain\nBroadcom wifi chips, and might still be present in firmware\nfor other wifi hardware.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n20161130-4~deb8u1. This version also adds new firmware and packages\nfor use with Linux 4.9, and re-adds firmware-{adi,ralink} as\ntransitional packages.\n\nWe recommend that you upgrade your firmware-nonfree packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/firmware-nonfree\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-adi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-amd-graphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-atheros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-bnx2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-bnx2x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-brcm80211\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-cavium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-intel-sound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-intelwimax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-ipw2x00\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-ivtv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-iwlwifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-libertas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-linux-nonfree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-misc-nonfree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-myricom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-netxen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-qlogic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-ralink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-realtek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-samsung\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-siano\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-ti-connectivity\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"firmware-adi\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-amd-graphics\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-atheros\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-bnx2\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-bnx2x\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-brcm80211\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-cavium\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-intel-sound\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-intelwimax\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-ipw2x00\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-ivtv\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-iwlwifi\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-libertas\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-linux\", 
reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-linux-nonfree\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-misc-nonfree\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-myricom\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-netxen\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-qlogic\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-ralink\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-realtek\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-samsung\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-siano\", reference:\"20161130-4~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firmware-ti-connectivity\", reference:\"20161130-4~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:14:56", "description": "Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do 
not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2018-01-15T00:00:00", "title": "Fedora 27 : 1:wpa_supplicant (2017-f45e844a85) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "modified": "2018-01-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-F45E844A85.NASL", "href": "https://www.tenable.com/plugins/nessus/106004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f45e844a85.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106004);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"FEDORA\", value:\"2017-f45e844a85\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 27 : 1:wpa_supplicant (2017-f45e844a85) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f45e844a85\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.krackattacks.com/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"wpa_supplicant-2.6-11.fc27\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:11:21", "description": "Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 
26, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-10-18T00:00:00", "title": "Fedora 26 : 1:wpa_supplicant (2017-60bfb576b7) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "modified": "2017-10-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-60BFB576B7.NASL", "href": "https://www.tenable.com/plugins/nessus/103896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-60bfb576b7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103896);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"FEDORA\", value:\"2017-60bfb576b7\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 26 : 1:wpa_supplicant (2017-60bfb576b7) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK 
reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-60bfb576b7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.krackattacks.com/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wpa_supplicant-2.6-11.fc26\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:14", "description": "Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a 
new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 26, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-10-18T00:00:00", "title": "Fedora 25 : 1:wpa_supplicant (2017-12e76e8364) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "modified": "2017-10-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-12E76E8364.NASL", "href": "https://www.tenable.com/plugins/nessus/103884", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-12e76e8364.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103884);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", 
\"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"FEDORA\", value:\"2017-12e76e8364\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 25 : 1:wpa_supplicant (2017-12e76e8364) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-12e76e8364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.krackattacks.com/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant 
package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"wpa_supplicant-2.6-3.fc25.1\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:26:38", "description": "This update for wpa_supplicant fixes the security issues :\n\n - Several vulnerabilities in standard conforming\n implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. This\n update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 41, "cvss3": {"score": 5.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2017-10-18T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2017:2745-1) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "modified": "2017-10-18T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:wpa_supplicant", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource"], "id": "SUSE_SU-2017-2745-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103917", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2745-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103917);\n script_version(\"3.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2017:2745-1) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wpa_supplicant fixes the security issues :\n\n - Several vulnerabilities in standard conforming\n 
implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. This\n update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13088/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172745-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3dfbd9fc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE 
OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1705=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1705=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1705=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1705=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1705=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1705=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1705=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1705=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1705=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", 
reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T12:31:14", "description": "This update for wpa_supplicant fixes the security issues :\n\n - Several vulnerabilities in standard conforming\n implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. This\n update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 27, "cvss3": {"score": 5.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2017-10-23T00:00:00", "title": "openSUSE Security Update : wpa_supplicant (openSUSE-2017-1163) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "modified": "2017-10-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo", "p-cpe:/a:novell:opensuse:wpa_supplicant", "p-cpe:/a:novell:opensuse:wpa_supplicant-gui", "cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource", "p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo"], "id": "OPENSUSE-2017-1163.NASL", "href": 
"https://www.tenable.com/plugins/nessus/104076", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1163.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104076);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"openSUSE Security Update : wpa_supplicant (openSUSE-2017-1163) (KRACK)\");\n script_summary(english:\"Check for the openSUSE-2017-1163 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wpa_supplicant fixes the security issues :\n\n - Several vulnerabilities in standard conforming\n implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. This\n update remedies those issues in a backwards compatible\n manner, i.e. 
the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056061\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wpa_supplicant packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright 
(C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wpa_supplicant-2.2-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wpa_supplicant-debuginfo-2.2-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wpa_supplicant-debugsource-2.2-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wpa_supplicant-gui-2.2-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wpa_supplicant-gui-debuginfo-2.2-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"wpa_supplicant-2.2-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"wpa_supplicant-debuginfo-2.2-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"wpa_supplicant-debugsource-2.2-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"wpa_supplicant-gui-2.2-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"wpa_supplicant-gui-debuginfo-2.2-13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant / wpa_supplicant-debuginfo / etc\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T14:48:30", "description": "This update for wpa_supplicant fixes the following issues :\n\n - Several vulnerabilities in standard conforming\n implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. This\n update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 37, "cvss3": {"score": 5.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2017-10-18T00:00:00", "title": "SUSE SLES11 Security Update : wpa_supplicant (SUSE-SU-2017:2752-1) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "modified": "2017-10-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:wpa_supplicant", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2752-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2752-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103920);\n script_version(\"3.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"SUSE SLES11 Security Update : wpa_supplicant (SUSE-SU-2017:2752-1) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wpa_supplicant fixes the following issues :\n\n - Several vulnerabilities in standard conforming\n implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. 
This\n update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13088/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172752-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58d297a0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-wpa_supplicant-13318=1\n\nSUSE Linux Enterprise 
Server 11-SP3-LTSS:zypper in -t patch\nslessp3-wpa_supplicant-13318=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-wpa_supplicant-13318=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"wpa_supplicant-0.7.1-6.18.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"wpa_supplicant-0.7.1-6.18.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T08:52:37", "description": "According to the versions of the wpa_supplicant package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit these\n attacks to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by manipulating cryptographic\n handshakes used by the WPA2 protocol. 
(CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13080, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-11-16T00:00:00", "title": "EulerOS 2.0 SP1 : wpa_supplicant (EulerOS-SA-2017-1241)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2017-11-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1241.NASL", "href": "https://www.tenable.com/plugins/nessus/104576", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104576);\n script_version(\"3.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n 
\"CVE-2017-13082\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : wpa_supplicant (EulerOS-SA-2017-1241)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the wpa_supplicant package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit these\n attacks to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by manipulating cryptographic\n handshakes used by the WPA2 protocol. (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13080, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1241\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef8e7664\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.1.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:52:37", "description": "According to the versions of the wpa_supplicant package installed,\nthe EulerOS installation on the 
remote host is affected by the\nfollowing vulnerabilities :\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit these\n attacks to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by manipulating cryptographic\n handshakes used by the WPA2 protocol. (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13080, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-11-16T00:00:00", "title": "EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2017-1242)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2017-11-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1242.NASL", "href": "https://www.tenable.com/plugins/nessus/104577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104577);\n script_version(\"3.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2017-1242)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the wpa_supplicant package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. 
A\n remote attacker within Wi-Fi range could exploit these\n attacks to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by manipulating cryptographic\n handshakes used by the WPA2 protocol. (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13080, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1242\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bd673af0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.1.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", 
"CVE-2017-13078", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "description": "[1:0.7.3-9.2]\n- Fix backport errors (CVE-2017-13077, CVE-2017-13080)\n[1:0.7.3-9.1]\n- avoid key reinstallation (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082)", "edition": 5, "modified": "2017-10-18T00:00:00", "published": "2017-10-18T00:00:00", "id": "ELSA-2017-2911", "href": "http://linux.oracle.com/errata/ELSA-2017-2911.html", "title": "wpa_supplicant security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "[1:2.6-5.1]\n- avoid key reinstallation (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,\n CVE-2017-13087, CVE-2017-13088)", "edition": 6, "modified": "2017-10-17T00:00:00", "published": "2017-10-17T00:00:00", "id": "ELSA-2017-2907", "href": "http://linux.oracle.com/errata/ELSA-2017-2907.html", "title": "wpa_supplicant security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "apple": [{"lastseen": "2020-12-24T20:41:37", "bulletinFamily": "software", "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13077"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Wi-Fi Update for Boot Camp 6.4.0\n\nReleased July 5, 2018\n\n**Wi-Fi**\n\nAvailable for the following machines while running Boot Camp: MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Late 2009 and later), and Mac Pro (Mid 2010 and later)\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n**Wi-Fi**\n\nAvailable for the following machines while running Boot Camp: MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Late 2009 and later), and Mac Pro (Mid 2010 and later)\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n", "edition": 2, "modified": "2018-07-05T10:02:49", "published": "2018-07-05T10:02:49", "id": "APPLE:HT208847", "href": "https://support.apple.com/kb/HT208847", "title": "About the security content of Wi-Fi Update for Boot Camp 6.4.0 - Apple Support", "type": "apple", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:08", "bulletinFamily": "software", "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13077"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## AirPort Base Station Firmware Update 7.6.9\n\nReleased December 12, 2017\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n", "edition": 2, "modified": "2017-12-12T09:19:14", "published": "2017-12-12T09:19:14", "id": "APPLE:HT208258", "href": "https://support.apple.com/kb/HT208258", "title": "About the security content of AirPort Base Station Firmware Update 7.6.9 - Apple Support", "type": "apple", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:10", "bulletinFamily": "software", "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-9417", "CVE-2017-13077"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## AirPort Base Station Firmware Update 7.7.9\n\nReleased December 12, 2017\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac\n\nImpact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-9417: Nitay Artenstein of Exodus Intelligence\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n**AirPort Base Station Firmware**\n\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n", "edition": 2, "modified": "2017-12-12T09:19:46", "published": "2017-12-12T09:19:46", "id": "APPLE:HT208354", "href": "https://support.apple.com/kb/HT208354", "title": "About the security content of AirPort Base Station Firmware Update 7.7.9 - Apple Support", "type": "apple", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ics": [{"lastseen": "2021-02-27T19:52:05", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080"], "description": "### **CVSS v3 6.8**\n\n**ATTENTION: **Public exploits are available.\n\n**Vendor:** PHOENIX CONTACT\n\n**Equipment:** WLAN capable devices using the WPA2 Protocol\n\n**Vulnerabilities:** Reusing a Nonce\n\n## AFFECTED PRODUCTS\n\nPHOENIX CONTACT reports that these vulnerabilities affect all versions of the following WLAN capable devices using the WPA2 Protocol:\n\n * BL2 BPC,\n * BL2 PPC,\n * FL COMSERVER WLAN 232/422/485,\n * FL WLAN 110x,\n * FL WLAN 210x,\n * FL WLAN 510x,\n * FL WLAN 230 AP 802-11,\n * FL WLAN 24 AP 802-11,\n * FL WLAN 24 DAP 802-11,\n * FL WLAN 24 EC 802-11,\n * FL WLAN EPA,\n * FL WLAN SPA,\n * ITC 8113,\n * RAD-80211-XD,\n * RAD-WHG/WLAN-XD,\n * TPC 6013,\n * VMT 30xx,\n * VMT 50xx, and\n * VMT 70xx.\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to operate as a \u201cman-in-the-middle\u201d between the device and the wireless access point.\n\n## MITIGATION\n\nPHOENIX CONTACT has reported that users operating embedded devices in AP mode are not affected by these vulnerabilities. PHOENIX CONTACT is actively working on discovering how these vulnerabilities affect its products and plans to release future updates as they become available. 
For more information, please see the advisory at this location:\n\n<https://cert.vde.com/de-de/advisories/vde-2017-003>\n\nPHOENIX CONTACT recommends that users apply the security update provided by Microsoft at the following location for devices running Microsoft Windows:\n\n<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-13080>\n\nIf WPA-TKIP is being used for WLAN configuration, PHOENIX CONTACT recommends the user switch to AES-CCMP immediately.\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. 
Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nThese vulnerabilities are not remotely exploitable. High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [REUSING A NONCE, KEY PAIR IN ENCRYPTION CWE-323](<https://cwe.mitre.org/data/definitions/323.html>)\n\nMultiple products are affected by key reinstallation attacks known as KRACK. The four-way hand shake traffic in the Wi-Fi Protected Access WPA and WPA2 protocol can be manipulated to allow nonce reuse resulting in key reinstallation. 
This could allow an attacker to execute a \u201cman-in-the-middle\u201d attack, enabling the attacker within radio range to replay, decrypt, or spoof frames.\n\nThe following CVEs have been assigned to this group of vulnerabilities:\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): reinstallation of the pairwise key in the four-way handshake,\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): reinstallation of the group key in the four-way handshake, and\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): reinstallation of the group key in the group key handshake,\n\nA CVSS v3 base score of 6.8 has been assigned; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef of imec-DistriNet, KU Leuven discovered these vulnerabilities. PHOENIX CONTACT reported these vulnerabilities to CERT@VDE. CERT@VDE coordinated these vulnerabilities with ICS-CERT.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Communications, Critical Manufacturing, Information Technology\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Germany\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-17-325-01>); we'd welcome your feedback.\n", "modified": "2017-11-21T00:00:00", "published": "2017-11-21T00:00:00", "id": "ICSA-17-325-01", "href": "https://www.us-cert.gov/ics/advisories/ICSA-17-325-01", "type": "ics", "title": "PHOENIX CONTACT WLAN Capable Devices using the WPA2 Protocol", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-27T19:52:02", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "### **CVSS v3 8.1**\n\n**ATTENTION:** Low skill level is needed to exploit. 
Public exploits are available.\n\n**Vendor:** PEPPERL+FUCHS/ecom instruments\n\n**Equipment:** WLAN capable devices using the WPA2 Protocol\n\n**Vulnerabilities:** Reusing a Nonce\n\n## AFFECTED PRODUCTS\n\nPEPPERL+FUCHS/ecom instruments reports that these vulnerabilities affect all versions of the following WLAN capable devices using the WPA2 Protocol:\n\n * Tab-Ex 01,\n * Ex-Handy 09,\n * Ex-Handy 209,\n * Smart-Ex 01,\n * Smart-Ex 201,\n * Pad-Ex 01,\n * i.roc Ci70-Ex,\n * CK70A-ATEX,\n * CK71A-ATEX,\n * CN70A-ATEX, and\n * CN70E-ATEX.\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to operate as a \u201cman-in-the-middle\u201d between the device and the wireless access point.\n\n## MITIGATION\n\nPEPPERL+FUCHS/ecom instruments report the following mitigations:\n\nAndroid\n\n * Affected Products: Tab-Ex 01, Ex-Handy 09, Ex-Handy 209, Smart-Ex 01, Smart-Ex 201\n * ecom instruments is actively working on these vulnerabilities. This advisory will updated as soon as further significant details are provided by the vendor, with an emphasis on information about available patches.\n\nWindows\n\n * Affected Products: Pad-Ex 01, i.roc Ci70-Ex, CK70A-ATEX, CK71A-ATEX, CN70A-ATEX, CN70E-ATEX\n * For ecom instruments devices running Windows, ecom instruments recommends users apply the security update provided by Microsoft. If users are using WPA-TKIP in their WLAN, users should switch to AES-CCMP immediately.\n\nFor more information CERT@VDE has released a security advisory found at:\n\n<https://cert.vde.com/de-de/advisories/vde-2017-005>\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. 
Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\n## VULNERABILITY OVERVIEW\n\n## [REUSING A NONCE, KEY PAIR IN ENCRYPTION CWE-323](<https://cwe.mitre.org/data/definitions/323.html>)\n\nMultiple products are affected by key reinstallation attacks known as KRACK. The four-way hand shake traffic in the Wi-Fi Protected Access WPA and WPA2 protocol can be manipulated to allow nonce reuse resulting in key reinstallation. 
This could allow an attacker to execute a \u201cman-in-the-middle\u201d attack, enabling the attacker within radio range to replay, decrypt, or spoof frames.\n\nThe following CVEs have been assigned to this group of vulnerabilities:\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): Reinstallation of the pairwise key during the four-way handshake.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): Reinstallation of the group key during the four-way handshake.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>): Reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): Reinstallation of the group key during the group key handshake.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>): Reinstallation of the IGTK during the group key handshake.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>): Reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>): Reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>): Reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>): Reinstallation of the IGTK when processing a WNM Sleep Mode Response frame.\n\nA CVSS v3 base score of 8.1 has been assigned; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## 
RESEARCHER\n\nMathy Vanhoef of imec-DistriNet, KU Leuven discovered these vulnerabilities. PEPPERL+FUCHS reported to CERT@VDE that their products are affected. CERT@VDE coordinated these vulnerabilities with ICS-CERT.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Communications, Critical Manufacturing, Information Technology\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Germany\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-17-353-02>); we'd welcome your feedback.\n", "modified": "2017-12-19T00:00:00", "published": "2017-12-19T00:00:00", "id": "ICSA-17-353-02", "href": "https://www.us-cert.gov/ics/advisories/ICSA-17-353-02", "type": "ics", "title": "PEPPERL+FUCHS/ecom instruments WLAN Capable Devices using the WPA2 Protocol", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-27T19:51:38", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "## 1\\. 
EXECUTIVE SUMMARY\n\n * **CVSS v3 6.8**\n\n * **ATTENTION**: Public exploits are available.\n * **Vendor**: Becton, Dickinson and Company (BD)\n * **Equipment**: Certain BD Pyxis Products\n * **Vulnerability**: Reusing a Nonce\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could allow data traffic manipulation, resulting in partial disclosure of encrypted communication or injection of data.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of BD Pyxis products, a medication and supply management system, are affected:\n\n * BD Pyxis Anesthesia ES,\n * BD Pyxis Anesthesia System 4000,\n * BD Pyxis Anesthesia System 3500,\n * BD Pyxis MedStation 4000 T2,\n * BD Pyxis MedStation ES,\n * BD Pyxis SupplyStation,\n * BD Pyxis Supply Roller,\n * BD Pyxis ParAssist System,\n * BD Pyxis PARx,\n * BD Pyxis CIISafe \u2013 Workstation,\n * BD Pyxis StockStation System, and\n * BD Pyxis Parx handheld\n\n### 3.2 VULNERABILITY OVERVIEW\n\n### 3.2.1 [REUSING A NONCE, KEY PAIR IN ENCRYPTION CWE-323](<https://cwe.mitre.org/data/definitions/323.html>)\n\nAn industry-wide vulnerability exists in the WPA and WPA2 protocol affected by the Key Reinstallation Attacks known as KRACK. The four-way handshake traffic in the Wi-Fi Protected Access WPA and WPA2 protocol can be manipulated to allow nonce reuse, resulting in key reinstallation. 
This could allow an attacker to execute a \u201cman-in-the-middle\u201d attack, enabling the attacker within radio range to replay, decrypt, or spoof frames.\n\nThe following CVEs have been assigned to this group of vulnerabilities:\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): Reinstallation of the pairwise key during the four-way handshake.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): Reinstallation of the group key during the four-way handshake.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>): Reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): Reinstallation of the group key during the group key handshake.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>): Reinstallation of the IGTK during the group key handshake.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>): Reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>): Reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>): Reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>): Reinstallation of the IGTK when processing a WNM Sleep Mode Response frame.\n\nA CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n### 3.3 
BACKGROUND\n\n * **Critical Infrastructure Sectors: **Healthcare and Public Health\n * **Countries/Areas Deployed: **Worldwide\n * **Company Headquarters Location:** New Jersey\n\n### 3.4 RESEARCHER\n\nMathy Vanhoef of imec-DistriNet, KU Leuven discovered the KRACK vulnerabilities. BD reported to NCCIC that the KRACK vulnerabilities may possibly affect these products.\n\n## 4\\. MITIGATIONS\n\nBD has implemented third-party vendor patches through BD's routine patch deployment process that resolves these vulnerabilities for most devices. Some devices require coordination with BD. BD is in the process of contacting users to schedule and deploy patches. There is currently no reported verified instance of the KRACK vulnerability being exploited maliciously against BD devices.\n\nAdditionally, BD recommends the following compensating controls in order to reduce risk associated with this vulnerability:\n\n * Ensure the latest recommended updates for Wi-Fi access points have been implemented in Wi-Fi enabled networks\n * Ensure appropriate physical controls are in place to prevent attackers from being within physical range of an affected Wi-Fi access point and client\n * Ensure data has been backed up and stored according to individual processes and disaster recovery procedures\n\nBD has published a product security bulletin to notify users about this issue and to provide additional mitigation counsel. It can be found at the following location on their web page:\n\n<http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-wpa2-krack-wi-fi-vulnerability>\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. 
Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from an adjacent network. High skill level is needed to exploit.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSMA-18-114-01>); we'd welcome your feedback.\n", "modified": "2018-04-24T00:00:00", "published": "2018-04-24T00:00:00", "id": "ICSMA-18-114-01", "href": "https://www.us-cert.gov/ics/advisories/ICSMA-18-114-01", "type": "ics", "title": "BD Pyxis", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-27T19:50:48", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.8**\n\n * **ATTENTION:** Public exploits are available\n * **Vendor: **Stryker\n * **Equipment: **Secure II MedSurg Bed, S3 MedSurg Bed, and InTouch ICU Bed\n * **Vulnerability: **Reusing a Nonce\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could allow data traffic manipulation, resulting in partial disclosure of encrypted communication or injection of data.\n\n## 3\\. 
TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following Stryker medical products are affected:\n\n * Secure II MedSurg Bed (enabled with iBed Wireless), Model: 3002,\n * S3 MedSurg Bed (enabled with iBed Wireless), Models: 3002 S3, and 3005 S3, and\n * InTouch ICU Bed (enabled with Bed Wireless), Models 2131, and 2141.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n**3.2.1 [REUSING A NONCE, KEY PAIR IN ENCRYPTION CWE-323](<https://cwe.mitre.org/data/definitions/323.html>)**\n\nAn industry-wide vulnerability exists in the WPA and WPA2 protocol affected by the Key Reinstallation Attacks known as KRACK. The four-way handshake traffic in the Wi-Fi Protected Access WPA and WPA2 protocol can be manipulated to allow nonce reuse, resulting in key reinstallation. This could allow an attacker to execute a \u201cman-in-the-middle\u201d attack, enabling the attacker within radio range to replay, decrypt, or spoof frames. \n\nThe following CVEs have been assigned to this group of vulnerabilities: \n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): Reinstallation of the pairwise key during the four-way handshake.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): Reinstallation of the group key during the four-way handshake.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>): Reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): Reinstallation of the group key during the group key handshake.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>): Reinstallation of the IGTK during the group key handshake.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>): Reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transition (FT) 
handshake.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>): Reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>): Reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>): Reinstallation of the IGTK when processing a WNM Sleep Mode Response frame.\n\nA CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Healthcare and Public Health\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **United States\n\n### 3.4 RESEARCHER\n\nMathy Vanhoef of imec-DistriNet, KU Leuven discovered the KRACK vulnerabilities. Stryker reported to NCCIC that the KRACK vulnerabilities may possibly affect these products.\n\n## 4\\. MITIGATIONS\n\nStryker has released software updates for affected products to mitigate the KRACK vulnerabilities. \n\n * Gateway 1.0 - no patch available\n * Gateway 2.0 - upgrade to software version 5212-400-905_3.5.002.01\n * Gateway 3.0 - patch incorporated in current software version 5212-500-905_4.3.001.01\n\nStryker recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\n\n * If determined unnecessary by the user, the iBed wireless functionality may be disabled. \n * Stryker recommends these products operate on a separate VLAN, where possible, to ensure proper network security segmentation. 
\n * As an extra precaution, ensure the latest recommended updates (which includes the KRACK patch) for Wi-Fi access points, have been implemented in Wi-Fi enabled networks.\n\nFor additional questions, users can call 1-800-STRYKER, option 2 for Stryker Medical Technical Support.\n\nNCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nThis vulnerability is exploitable from an adjacent network. 
High skill level is needed to exploit.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSMA-19-029-01>); we'd welcome your feedback.\n", "modified": "2019-01-29T00:00:00", "published": "2019-01-29T00:00:00", "id": "ICSMA-19-029-01", "href": "https://www.us-cert.gov/ics/advisories/ICSMA-19-029-01", "type": "ics", "title": "Stryker Medical Beds", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T19:02:31", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "### **CVSS v3 6.8**\n\n**Vendor:** ABB\n\n**Equipment:** TropOS\n\n**Vulnerabilities:** Security Features\n\n## AFFECTED PRODUCTS\n\nABB reports that the key reinstallation attacks (KRACK) potentially affect all TropOS broadband mesh routers and bridges operating on Mesh OS release 8.5.2 or prior.\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.\n\n## MITIGATION\n\nABB is working on remedial actions for all affected 
products.\n\nABB has released an advisory (1KHW02890) on their alerts and notification page:\n\n[http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch](<http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch>)\n\nThis advisory will be updated when firmware, including remedial measures, is available.\n\nThe TropOS mesh wireless interfaces are not vulnerable. Wired client interfaces (Ethernet, Serial) are not vulnerable. An attacker must be in physical proximity of the Wi-Fi access point and connected client to be successful. If the communication across the Wi-Fi link is encrypted at Layer 3 (e.g., SSH, SSL, HTTPS, or SNMPv3 encrypted), privacy is maintained during an otherwise successful attack. If possible, encrypt communication across the Wi-Fi link at Layer 3 using SSH, SSL, HTTPS, or SNMPv3. There is no complete workaround which allows protected Wi-Fi access to the TropOS Mesh.\n\nABB users with a current Complete Software Care or Complete Software + Hardware Care subscription are advised to contact ABB Wireless support on phone +1(408) 331 6800, ext. 4, or email [tropos.support@nam.abb.com](<mailto:tropos.support@nam.abb.com>).\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. 
Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from adjacent networks. High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nAn industry-wide vulnerability exists in the WPA2 key management algorithm devices that use IEEE 802.11w, including the TropOS broadband mesh routers listed above. 
The vulnerability may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.\n\nThe following CVEs have been assigned to this group of vulnerabilities:\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): reinstallation of the pairwise key in the four-way handshake,\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): reinstallation of the group key in the four-way handshake,\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>): reinstallation of the integrity group key in the four-way handshake,\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): reinstallation of the group key in the group key handshake,\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>): reinstallation of the integrity group key in the group key handshake,\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>): accepting a retransmitted fast BSS transition reassociation request and reinstalling the pairwise key while processing it,\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>): reinstallation of the STK key in the PeerKey handshake,\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>): reinstallation of the tunneled direct-link setup (TDLS) PeerKey (TPK) key in the TDLS handshake,\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>): reinstallation of the group key (GTK) when processing a wireless network management (WNM) sleep mode response frame, and\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>): reinstallation of the integrity group key (IGTK) when processing a wireless network management (WNM) sleep mode response frame.\n\nA CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is 
([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered this vulnerability.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Critical Manufacturing, Energy\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Switzerland\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-02", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-318-02", "type": "ics", "title": "ABB TropOS", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-19T08:45:15", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "### **CVSS v3 6.8**\n\n**Vendor:** Siemens\n\n**Equipment:** SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products\n\n**Vulnerabilities:** Security Features\n\n## UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the original advisory titled ICSA-17-318-01 Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products that was published November 14, 2017, on the NCCIC/ICS-CERT web site.\n\n## AFFECTED PRODUCTS\n\n**\\--------- Begin Update A Part 1 of 2 --------**\n\nSiemens reports that the key reinstallation attacks (KRACK) potentially affect the following Siemens industrial products:\n\n * SCALANCE W1750D: All versions,\n * SCALANCE WLC711: All versions,\n * SCALANCE WLC712: All versions,\n * SCALANCE W-700 (IEEE 802.11n): All versions prior to V6.2.1,\n * SCALANCE W-700 (IEEE 802.11a/b/g): All versions,\n * SIMATIC IWLAN-PB/LINK: All versions,\n * RUGGEDCOM RX1400 with WLAN interface: All versions,\n * RUGGEDCOM RS9xxW: All versions,\n * SIMATIC Mobile Panel 277(F) 
IWLAN: All versions,\n * SIMATIC ET200 PRO IM154-6 PN IWLAN: All versions, and\n * SINAMICS V20 Smart Access Module: All versions.\n\n**\\--------- End Update A Part 1 of 2 ----------**\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay, or inject forged network packets into the wireless communication.\n\n## MITIGATION\n\n**\\--------- Begin Update A Part 2 of 2 --------**\n\nSiemens has provided the following update to address the vulnerabilities in the affected product:\n\n * SCALANCE W-700 (IEEE 802.11n): V6.2.1:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752596>\n\n**\\--------- End Update A Part 2 of 2 ----------**\n\nSCALANCE W1750D devices are not vulnerable in the default configuration. Only users who enable the \u201cMesh\u201d or \u201cWiFi uplink\u201d functionality are affected by the vulnerabilities. Disabling these functionalities will completely mitigate the vulnerabilities.\n\nSCALANCE WLC711 and WLC712 can deactivate IEEE 802.11r, \u201cMeshConnect,\u201d and \u201cClient Bridge Mode\u201d to reduce the risk, provided these modes have been activated and are not required for the operation of the wireless environment. All three functions are turned off by default.\n\nSCALANCE W-700 standalone Access Points, RUGGEDCOM RX1400 and RS9xxW, are not vulnerable if operated in Access Point mode.\n\nSCALANCE W-700 standalone devices, SIMATIC Mobile Panel 277F IWLAN, and SIMATIC ET200 WLAN, are not affected if the iPCF, iPCF-MC, or iPCF-HT features are enabled.\n\nFor the remaining affected products or if the mitigations outlined previously cannot be implemented, Siemens recommends the following mitigations in the meantime:\n\n * Ensure multiple layers of security. 
Do not depend on the security of WPA2 alone.\n * Use WPA2-CCMP (AES) instead of WPA2-TKIP or WPA-GCMP, if supported by the WLAN clients, to reduce the risk of potential attacks.\n * Apply defense-in-depth.\n\n<https://www.siemens.com/cert/operational-guidelines-industrial-security>\n\nFor more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-901333 at the following location:\n\n<http://www.siemens.com/cert/en/cert-security-advisories.htm>\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from an adjacent network. 
High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake.\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>) has been assigned to this vulnerability. 
A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the pairwise transient key (PTK) temporal key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the station-to-station-link (STSL) transient key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the tunneled direct-link setup (TDLS) peer key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that support 802.11v allows reinstallation of the group temporal key (GTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that support 802.11v allows reinstallation of the integrity group temporal key (IGTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered these vulnerabilities.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Chemical, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, and Water and Wastewater Systems\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Germany\n", "modified": "2017-12-18T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-01A", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-318-01A", "type": "ics", "title": "Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update A)", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-25T18:53:46", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "### **CVSS v3 6.8**\n\n**Vendor:** 
Siemens\n\n**Equipment:** SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products\n\n**Vulnerabilities:** Security Features\n\n## UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01A Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products that was published December 5, 2017, on the NCCIC/ICS-CERT web site.\n\n## AFFECTED PRODUCTS\n\n**\\--------- Begin Update B Part 1 of 2 --------**\n\nSiemens reports that the key reinstallation attacks (KRACK) potentially affect the following Siemens industrial products:\n\n * SCALANCE W1750D: All versions,\n * SCALANCE WLC711: All versions,\n * SCALANCE WLC712: All versions,\n * SCALANCE W-700 (IEEE 802.11n): All versions prior to V6.2.1,\n * SCALANCE W-700 (IEEE 802.11a/b/g): All versions,\n * SIMATIC IWLAN-PB/LINK: All versions,\n * RUGGEDCOM RX1400 with WLAN interface: All versions prior to V2.11.2,\n * RUGGEDCOM RS9xxW: All versions,\n * SIMATIC Mobile Panel 277(F) IWLAN: All versions,\n * SIMATIC ET200 PRO IM154-6 PN IWLAN: All versions,\n * SINAMICS V20 Smart Access Module: All versions,\n * SIMATIC RF350M: All versions with Summit Client Utility prior to V22.3.5.16, and\n * SIMATIC RF650M: All versions with Summit Client Utility prior to V22.3.5.16.\n\n**\\--------- End Update B Part 1 of 2 ----------**\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay, or inject forged network packets into the wireless communication.\n\n## MITIGATION\n\n**\\--------- Begin Update B Part 2 of 2 --------**\n\nSiemens has provided the following updates to address the vulnerabilities in the affected products:\n\n * SCALANCE W-700 (IEEE 802.11n): V6.2.1:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752596>\n\n * RUGGEDCOM ROX II for RX1400 with WLAN interface: V2.11.2:\n\nContact the RUGGEDCOM support team at: 
<https://support.industry.siemens.com/my/WW/en/requests#createRequest>\n\n * SIMATIC RF350M and SIMATIC RF650M: V22.3.5.16 from:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752556>\n\n**\\--------- End Update B Part 2 of 2 ----------**\n\nSCALANCE W1750D devices are not vulnerable in the default configuration. Only users who enable the \u201cMesh\u201d or \u201cWiFi uplink\u201d functionality are affected by the vulnerabilities. Disabling these functions fully mitigates the vulnerabilities.\n\nSCALANCE WLC711 and WLC712 can deactivate IEEE 802.11r, \u201cMeshConnect,\u201d and \u201cClient Bridge Mode\u201d to reduce the risk, provided these modes have been activated and are not required for the operation of the wireless environment. All three functions are turned off by default.\n\nSCALANCE W-700 standalone Access Points, RUGGEDCOM RX1400, and RS9xxW are not vulnerable if operated in Access Point mode.\n\nSCALANCE W-700 standalone devices, SIMATIC Mobile Panel 277F IWLAN, and SIMATIC ET200 WLAN are not affected if the iPCF, iPCF-MC, or iPCF-HT features are enabled.\n\nFor the remaining affected products, or if the mitigations outlined previously cannot be implemented, Siemens recommends the following mitigations in the meantime:\n\n * Ensure multiple layers of security. 
Do not depend on the security of WPA2 alone.\n * Use WPA2-CCMP (AES) instead of WPA2-TKIP or WPA-GCMP, if supported by the WLAN clients, to reduce the risk of potential attacks.\n * Apply defense-in-depth.\n\n<https://www.siemens.com/cert/operational-guidelines-industrial-security>\n\nFor more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-901333 at the following location:\n\n<http://www.siemens.com/cert/en/cert-security-advisories.htm>\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from an adjacent network. 
High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake.\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>) has been assigned to this vulnerability. 
A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the pairwise transient key (PTK) temporal key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the station-to-station-link (STSL) transient key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the tunneled direct-link setup (TDLS) peer key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that support 802.11v allows reinstallation of the group temporal key (GTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that support 802.11v allows reinstallation of the integrity group temporal key (IGTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered these vulnerabilities.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Chemical, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, and Water and Wastewater Systems\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Germany\n", "modified": "2018-01-25T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-01B", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-318-01B", "type": "ics", "title": "Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update B)", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-25T20:53:31", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "### **CVSS v3 6.8**\n\n**Vendor:** 
Siemens\n\n**Equipment:** SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products\n\n**Vulnerabilities:** Security Features\n\n## UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01B Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products that was published December 19, 2017, on the NCCIC/ICS-CERT web site.\n\n## AFFECTED PRODUCTS\n\n**\\--------- Begin Update C Part 1 of 2 ----------**\n\nSiemens reports that the key reinstallation attacks (KRACK) potentially affect the following Siemens industrial products:\n\n * SCALANCE W1750D: All versions,\n * SCALANCE WLC711: All versions prior to V9.21.19.003,\n * SCALANCE WLC712: All versions prior to V9.21.19.003,\n * SCALANCE W-700 (IEEE 802.11n): All versions prior to V6.2.1,\n * SCALANCE W-700 (IEEE 802.11a/b/g): All versions,\n * SIMATIC IWLAN-PB/LINK: All versions,\n * RUGGEDCOM RX1400 with WLAN interface: All versions prior to V2.11.2,\n * RUGGEDCOM RS9xxW: All versions,\n * SIMATIC Mobile Panel 277(F) IWLAN: All versions,\n * SIMATIC ET200 PRO IM154-6 PN IWLAN: All versions,\n * SINAMICS V20 Smart Access Module: All versions,\n * SIMATIC RF350M: All versions with Summit Client Utility prior to V22.3.5.16, and\n * SIMATIC RF650M: All versions with Summit Client Utility prior to V22.3.5.16.\n\n**\\--------- End Update C Part 1 of 2 ----------**\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay, or inject forged network packets into the wireless communication.\n\n## MITIGATION\n\n**\\--------- Begin Update C Part 2 of 2 --------**\n\nSiemens has provided the following updates to address the vulnerabilities in the affected products:\n\n * SCALANCE W-700 (IEEE 802.11n): Install V6.2.1:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752596>\n\n * RUGGEDCOM ROX II for RX1400 with WLAN interface: Install V2.11.2:\n\nContact the RUGGEDCOM support 
team at: <https://support.industry.siemens.com/my/WW/en/requests#createRequest>\n\n * SIMATIC RF350M and SIMATIC RF650M: V22.3.5.16 from:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752556>\n\n * SCALANCE WLC711 and SCALANCE WLC712: Install V9.21.19.003:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109755170>\n\n**\\--------- End Update C Part 2 of 2 ----------**\n\nSCALANCE W1750D devices are not vulnerable in the default configuration. Only users who enable the \u201cMesh\u201d or \u201cWiFi uplink\u201d functionality are affected by the vulnerabilities. Disabling these functions fully mitigates the vulnerabilities.\n\nSCALANCE WLC711 and WLC712 can deactivate IEEE 802.11r, \u201cMeshConnect,\u201d and \u201cClient Bridge Mode\u201d to reduce the risk, provided these modes have been activated and are not required for the operation of the wireless environment. All three functions are turned off by default.\n\nSCALANCE W-700 standalone Access Points, RUGGEDCOM RX1400, and RS9xxW are not vulnerable if operated in Access Point mode.\n\nSCALANCE W-700 standalone devices, SIMATIC Mobile Panel 277F IWLAN, and SIMATIC ET200 WLAN are not affected if the iPCF, iPCF-MC, or iPCF-HT features are enabled.\n\nFor the remaining affected products, or if the mitigations outlined previously cannot be implemented, Siemens recommends the following mitigations in the meantime:\n\n * Ensure multiple layers of security. 
Do not depend on the security of WPA2 alone.\n * Use WPA2-CCMP (AES) instead of WPA2-TKIP or WPA-GCMP, if supported by the WLAN clients, to reduce the risk of potential attacks.\n * Apply defense-in-depth.\n\n<https://www.siemens.com/cert/operational-guidelines-industrial-security>\n\nFor more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisories SSA-901333 and SSA-418456 at the following location:\n\n<http://www.siemens.com/cert/en/cert-security-advisories.htm>\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the NCCIC Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from an adjacent network. 
High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake.\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>) has been assigned to this vulnerability. 
A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the pairwise transient key (PTK) temporal key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the station-to-station-link (STSL) transient key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the tunneled direct-link setup (TDLS) peer key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that support 802.11v allows reinstallation of the group temporal key (GTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that support 802.11v allows reinstallation of the integrity group temporal key (IGTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered these vulnerabilities.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Chemical, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, and Water and Wastewater Systems\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Germany\n", "modified": "2018-01-25T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-01C", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-318-01C", "type": "ics", "title": "Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update C)", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-02-27T19:52:06", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "## 1\\. 
EXECUTIVE SUMMARY\n\n * **CVSS v3 6.8**\n * **ATTENTION**: Exploitable remotely/low skill level to exploit/public exploits are available.\n * **Vendor**: Siemens\n * **Equipment**: SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products\n * **Vulnerabilities**: Security Features\n\n## 2\\. UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01 Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update D) that was published April 24, 2018, on the NCCIC/ICS-CERT website.\n\n## 3\\. RISK EVALUATION\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01 Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update E) that was published November 13, 2018, on the NCCIC/ICS-CERT website.\n\n## 4\\. TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nSiemens reports that the key reinstallation attacks (KRACK) potentially affect the following Siemens industrial products:\n\n * RUGGEDCOM RS9xxW: All versions\n * RUGGEDCOM RX1400 with WLAN interface: All versions prior to v2.11.2\n * SCALANCE W-700 (IEEE 802.11a/b/g): All versions\n * SCALANCE W-700 (IEEE 802.11n): All versions prior to v6.2.1\n * SCALANCE W1750D: All versions prior to v6.5.1.5-4.3.1.8\n * SCALANCE WLC711: All versions prior to v9.21.19.003\n * SCALANCE WLC712: All versions prior to v9.21.19.003\n * SIMATIC ET200 PRO IM154-6 PN IWLAN: All versions\n * SIMATIC IWLAN-PB/LINK: All versions\n * SIMATIC Mobile Panel 277(F) IWLAN: All versions\n\n**\\--------- Begin Update F Part 1 of 2 ---------**\n\n * SINAMICS v20 Smart Access Module: All versions prior to v01.03.01\n\n**\\--------- End Update F Part 1 of 2 ---------**\n\n * SIMATIC RF350M: All versions with Summit Client Utility prior to v22.3.5.16\n * SIMATIC RF650M: All versions with Summit Client Utility prior to v22.3.5.16\n\n### 4.2 VULNERABILITY OVERVIEW\n\n### 4.2.1 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected 
access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake.\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.2.2 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.2.3 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>) has been assigned to this vulnerability. 
A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N>)).\n\n### 4.2.4 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.2.5 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.2.6 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the pairwise transient key (PTK) temporal key (TK) during the fast BSS transition (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n### 4.2.7 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the station-to-station-link (STSL) transient key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n### 4.2.8 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the tunneled direct-link setup (TDLS) peer key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n### 4.2.9 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports 802.11v allows reinstallation of the group temporal key (GTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.2.10 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports 802.11v allows reinstallation of the integrity group temporal key (IGTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.3 BACKGROUND\n\n * **Critical Infrastructure Sectors:** Chemical, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, and Water and Wastewater Systems\n * **Countries/Areas Deployed:** Worldwide\n * **Company Headquarters Location:** Germany\n\n### 4.4 RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered these vulnerabilities.\n\n## 5\\. MITIGATIONS\n\nSiemens has provided the following updates to address the vulnerabilities in the affected products:\n\n * RUGGEDCOM ROX II for RX1400 with WLAN interface: Install v2.11.2\n\nContact the RUGGEDCOM support team at:\n\n<https://support.industry.siemens.com/my/WW/en/requests#createRequest>\n\n * SCALANCE W-700 (IEEE 802.11n): Install v6.2.1 or newer\n\n<https://support.industry.siemens.com/cs/us/en/ps/21965/dl>\n\n * SCALANCE W1750D: Install v6.5.1.5-4.3.1.8\n\n<https://support.industry.siemens.com/cs/ww/en/view/109756771>\n\n * SCALANCE WLC711 and SCALANCE WLC712: Install v9.21.19.003\n\n<https://support.industry.siemens.com/cs/ww/en/view/109755170>\n\n**\\--------- Begin Update F Part 2 of 2 ---------**\n\n * SINAMICS v20 Smart Access Module: Update to v01.03.01\n\n<https://support.industry.siemens.com/cs/ww/en/view/109765008>\n\n**\\--------- End Update F Part 2 of 2 ---------**\n\n * SIMATIC RF350M and SIMATIC RF650M: update to v22.3.5.16\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752556>\n\nSCALANCE W1750D devices are not vulnerable in the default configuration. Only users who enable the \u201cMesh\u201d or \u201cWiFi uplink\u201d functionality are affected by the vulnerabilities. 
Disabling these functionalities will completely mitigate the vulnerabilities.\n\nSCALANCE WLC711 and WLC712 can deactivate IEEE 802.11r, \u201cMeshConnect,\u201d and \u201cClient Bridge Mode\u201d to reduce the risk, provided these modes have been activated and are not required for the operation of the wireless environment. All three functions are turned off by default.\n\nSCALANCE W-700 standalone Access Points, RUGGEDCOM RX1400 and RS9xxW, are not vulnerable if operated in Access Point mode.\n\nSCALANCE W-700 standalone devices, SIMATIC Mobile Panel 277F IWLAN, and SIMATIC ET200 WLAN, are not affected if the iPCF, iPCF-MC, or iPCF-HT features are enabled.\n\nFor the remaining affected products or if the mitigations outlined previously cannot be implemented, Siemens recommends the following mitigations in the meantime:\n\n * Ensure multiple layers of security. Do not depend on the security of WPA2 alone.\n * Use WPA2-CCMP (AES) instead of WPA2-TKIP or WPA-GCMP, if supported by the WLAN clients, to reduce the risk of potential attacks.\n * Apply defense-in-depth.\n\n<https://www.siemens.com/cert/operational-guidelines-industrial-security>\n\nFor more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisories SSA-901333 and SSA-418456 at the following location:\n\n<http://www.siemens.com/cert/en/cert-security-advisories.htm>\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. 
Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from an adjacent network. High skill level is needed to exploit.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-17-318-01>); we'd welcome your feedback.\n", "modified": "2019-04-09T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-01", "href": "https://www.us-cert.gov/ics/advisories/ICSA-17-318-01", "type": "ics", "title": "Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update F)", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-27T19:52:06", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "### **CVSS v3 6.8**\n\n**Vendor:** ABB\n\n**Equipment:** TropOS\n\n**Vulnerabilities:** Security Features\n\n## UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the original advisory titled ICSA-17-318-02 ABB TropOS that was published November 14, 2017, on the NCCIC/ICS-CERT website.\n\n## AFFECTED PRODUCTS\n\nABB reports that the key reinstallation attacks (KRACK) potentially affect all TropOS broadband mesh routers and bridges operating on Mesh OS release 8.5.2 or prior.\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.\n\n## MITIGATION\n\n### **\\----------Begin Update A Part 1 of 1 --------**\n\nABB has released Mesh OS version 8.5.3 to address these vulnerabilities.\n\nABB has released an advisory (1KHW02890) on their alerts and notification 
page:\n\n[http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch](<http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch>)\n\n### **\\--------- End Update A Part 1 of 1 ----------**\n\nABB is working on remedial actions for all affected products.\n\nABB has released an advisory (1KHW02890) on their alerts and notification page:\n\n[http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch](<http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch>)\n\nThis advisory will be updated when firmware, including remedial measures, is available.\n\nThe TropOS mesh wireless interfaces are not vulnerable. Wired client interfaces (Ethernet, Serial) are not vulnerable. An attacker must be in physical proximity of the Wi-Fi access point and connected client to be successful. If the communication across the Wi-Fi link is encrypted at Layer 3 (e.g., SSH, SSL, HTTPS, or SNMPv3 encrypted), privacy is maintained during an otherwise successful attack. If possible, encrypt communication across the Wi-Fi link at Layer 3 using SSH, SSL, HTTPS, or SNMPv3. There is no complete workaround which allows protected Wi-Fi access to the TropOS Mesh.\n\nABB users with a current Complete Software Care or Complete Software + Hardware Care subscription are advised to contact ABB Wireless support on phone +1(408) 331 6800, ext. 4, or email [tropos.support@nam.abb.com](<mailto:tropos.support@nam.abb.com>).\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. 
Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from adjacent networks. High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nAn industry-wide vulnerability exists in the WPA2 key management algorithm devices that use IEEE 802.11w, including the TropOS broadband mesh routers listed above. 
The vulnerability may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.\n\nThe following CVEs have been assigned to this group of vulnerabilities:\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): reinstallation of the pairwise key in the four-way handshake,\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): reinstallation of the group key in the four-way handshake,\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>): reinstallation of the integrity group key in the four-way handshake,\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): reinstallation of the group key in the group key handshake,\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>): reinstallation of the integrity group key in the group key handshake,\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>): accepting a retransmitted fast BSS transition reassociation request and reinstalling the pairwise key while processing it,\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>): reinstallation of the STK key in the PeerKey handshake,\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>): reinstallation of the tunneled direct-link setup (TDLS) PeerKey (TPK) key in the TDLS handshake,\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>): reinstallation of the group key (GTK) when processing a wireless network management (WNM) sleep mode response frame, and\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>): reinstallation of the integrity group key (IGTK) when processing a wireless network management (WNM) sleep mode response frame.\n\nA CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is 
([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered this vulnerability.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Critical Manufacturing, Energy\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Switzerland\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-17-318-02A>); we'd welcome your feedback.\n", "modified": "2018-02-15T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-02A", "href": "https://www.us-cert.gov/ics/advisories/ICSA-17-318-02A", "type": "ics", "title": "ABB TropOS (Update A)", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "description": "Arch Linux Security Advisory ASA-201710-22\n==========================================\n\nSeverity: High\nDate : 2017-10-16\nCVE-ID : CVE-2017-13077 CVE-2017-13078 
CVE-2017-13079 CVE-2017-13080\nCVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088\nPackage : wpa_supplicant\nType : man-in-the-middle\nRemote : Yes\nLink : https://security.archlinux.org/AVG-447\n\nSummary\n=======\n\nThe package wpa_supplicant before version 1:2.6-11 is vulnerable to\nman-in-the-middle.\n\nResolution\n==========\n\nUpgrade to 1:2.6-11.\n\n# pacman -Syu \"wpa_supplicant>=1:2.6-11\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-13077 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\npairwise encryption key (PTK-TK) in the 4-way handshake.\n\n- CVE-2017-13078 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\ngroup key (GTK) in the 4-way handshake.\n\n- CVE-2017-13079 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\nintegrity group key (IGTK) in the 4-way handshake.\n\n- CVE-2017-13080 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\ngroup key (GTK) in the group key handshake.\n\n- CVE-2017-13081 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\nintegrity group key (IGTK) in the group key handshake.\n\n- CVE-2017-13082 (man-in-the-middle)\n\nA vulnerability has been discovered that allows accepting a\nretransmitted FT Reassociation Request and reinstalling the pairwise\nkey (PTK) while processing it.\n\n- CVE-2017-13087 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\ngroup key (GTK) when processing a Wireless Network Management (WNM)\nSleep Mode Response frame.\n\n- CVE-2017-13088 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\nintegrity group key (IGTK) when processing a Wireless Network\nManagement (WNM) Sleep Mode Response 
frame.\n\nImpact\n======\n\nA remote attacker within physical proximity to the target WiFi network\nis able to decrypt all data that the victim transmits, inject arbitrary\npackets to hijack TCP connection or replay unicast and group-addressed\nframes.\n\nReferences\n==========\n\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://papers.mathyvanhoef.com/ccs2017.pdf\nhttps://www.kb.cert.org/vuls/id/228519\nhttps://www.krackattacks.com/\nhttps://w1.fi/cgit/hostap/commit/?id=53bb18cc8b7a4da72e47e4b3752d0d2135cffb23\nhttps://w1.fi/cgit/hostap/commit/?id=0adc9b28b39d414d5febfff752f6a1576f785c85\nhttps://w1.fi/cgit/hostap/commit/?id=cb5132bb35698cc0c743e34fe0e845dfc4c3e410\nhttps://w1.fi/cgit/hostap/commit/?id=0e3bd7ac684a2289aa613347e2f3ad54ad6a9449\nhttps://w1.fi/cgit/hostap/commit/?id=e760851176c77ae6de19821bb1d5bf3ae2cb5187\nhttps://w1.fi/cgit/hostap/commit/?id=2a9c5217b18be9462a5329626e2f95cc7dd8d4f1\nhttps://w1.fi/cgit/hostap/commit/?id=87e2db16bafcbc60b8d0016175814a73c1e8ed45\nhttps://security.archlinux.org/CVE-2017-13077\nhttps://security.archlinux.org/CVE-2017-13078\nhttps://security.archlinux.org/CVE-2017-13079\nhttps://security.archlinux.org/CVE-2017-13080\nhttps://security.archlinux.org/CVE-2017-13081\nhttps://security.archlinux.org/CVE-2017-13082\nhttps://security.archlinux.org/CVE-2017-13087\nhttps://security.archlinux.org/CVE-2017-13088", "modified": "2017-10-16T00:00:00", "published": "2017-10-16T00:00:00", "id": "ASA-201710-22", "href": "https://security.archlinux.org/ASA-201710-22", "type": "archlinux", "title": "[ASA-201710-22] wpa_supplicant: man-in-the-middle", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "description": "Arch Linux Security Advisory 
ASA-201710-23\n==========================================\n\nSeverity: High\nDate : 2017-10-16\nCVE-ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080\nCVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088\nPackage : hostapd\nType : man-in-the-middle\nRemote : Yes\nLink : https://security.archlinux.org/AVG-448\n\nSummary\n=======\n\nThe package hostapd before version 2.6-6 is vulnerable to man-in-the-\nmiddle.\n\nResolution\n==========\n\nUpgrade to 2.6-6.\n\n# pacman -Syu \"hostapd>=2.6-6\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-13077 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\npairwise encryption key (PTK-TK) in the 4-way handshake.\n\n- CVE-2017-13078 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\ngroup key (GTK) in the 4-way handshake.\n\n- CVE-2017-13079 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\nintegrity group key (IGTK) in the 4-way handshake.\n\n- CVE-2017-13080 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\ngroup key (GTK) in the group key handshake.\n\n- CVE-2017-13081 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\nintegrity group key (IGTK) in the group key handshake.\n\n- CVE-2017-13082 (man-in-the-middle)\n\nA vulnerability has been discovered that allows accepting a\nretransmitted FT Reassociation Request and reinstalling the pairwise\nkey (PTK) while processing it.\n\n- CVE-2017-13087 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\ngroup key (GTK) when processing a Wireless Network Management (WNM)\nSleep Mode Response frame.\n\n- CVE-2017-13088 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of 
the\nintegrity group key (IGTK) when processing a Wireless Network\nManagement (WNM) Sleep Mode Response frame.\n\nImpact\n======\n\nA remote attacker within physical proximity to the target WiFi network\nis able to decrypt all data that the victim transmits, inject arbitrary\npackets to hijack TCP connection or replay unicast and group-addressed\nframes.\n\nReferences\n==========\n\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://papers.mathyvanhoef.com/ccs2017.pdf\nhttps://www.kb.cert.org/vuls/id/228519\nhttps://www.krackattacks.com/\nhttps://w1.fi/cgit/hostap/commit/?id=53bb18cc8b7a4da72e47e4b3752d0d2135cffb23\nhttps://w1.fi/cgit/hostap/commit/?id=0adc9b28b39d414d5febfff752f6a1576f785c85\nhttps://w1.fi/cgit/hostap/commit/?id=cb5132bb35698cc0c743e34fe0e845dfc4c3e410\nhttps://w1.fi/cgit/hostap/commit/?id=0e3bd7ac684a2289aa613347e2f3ad54ad6a9449\nhttps://w1.fi/cgit/hostap/commit/?id=e760851176c77ae6de19821bb1d5bf3ae2cb5187\nhttps://w1.fi/cgit/hostap/commit/?id=2a9c5217b18be9462a5329626e2f95cc7dd8d4f1\nhttps://w1.fi/cgit/hostap/commit/?id=87e2db16bafcbc60b8d0016175814a73c1e8ed45\nhttps://security.archlinux.org/CVE-2017-13077\nhttps://security.archlinux.org/CVE-2017-13078\nhttps://security.archlinux.org/CVE-2017-13079\nhttps://security.archlinux.org/CVE-2017-13080\nhttps://security.archlinux.org/CVE-2017-13081\nhttps://security.archlinux.org/CVE-2017-13082\nhttps://security.archlinux.org/CVE-2017-13087\nhttps://security.archlinux.org/CVE-2017-13088", "modified": "2017-10-16T00:00:00", "published": "2017-10-16T00:00:00", "id": "ASA-201710-23", "href": "https://security.archlinux.org/ASA-201710-23", "type": "archlinux", "title": "[ASA-201710-23] hostapd: man-in-the-middle", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T00:56:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-0561", "CVE-2017-13078", "CVE-2017-9417", "CVE-2016-0801", 
"CVE-2017-13081", "CVE-2017-13077"], "description": "Package : firmware-nonfree\nVersion : 20161130-4~deb8u1\nCVE ID : CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 \n CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081\nDebian Bug : 620066 724970 769633 774914 790061 793544 793874 795303\n 800090 800440 800820 801514 802970 803920 808792 816350\n\t\t 823402 823637 826996 832925 833355 833876 838038 838476\n\t\t 838858 841092 842762 854695 854907 856853 862458 869639\n\t\t 907320\n\nSeveral vulnerabilities have been discovered in the firmware for\nBroadcom BCM43xx wifi chips that may lead to a privilege escalation\nor loss of confidentiality.\n\nCVE-2016-0801\n\n Broadgate Team discovered flaws in packet processing in the\n Broadcom wifi firmware and proprietary drivers that could lead to\n remote code execution. However, this vulnerability is not\n believed to affect the drivers used in Debian.\n\nCVE-2017-0561\n\n Gal Beniamini of Project Zero discovered a flaw in the TDLS\n implementation in Broadcom wifi firmware. This could be exploited\n by an attacker on the same WPA2 network to execute code on the\n wifi microcontroller.\n\nCVE-2017-9417 / #869639\n\n Nitay Artenstein of Exodus Intelligence discovered a flaw in the\n WMM implementation in Broadcom wifi firmware. 
This could be\n exploited by a nearby attacker to execute code on the wifi\n microcontroller.\n\nCVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,\nCVE-2017-13081\n\n Mathy Vanhoef of the imec-DistriNet research group of KU Leuven\n discovered multiple vulnerabilities in the WPA protocol used for\n authentication in wireless networks, dubbed "KRACK".\n\n An attacker exploiting the vulnerabilities could force the\n vulnerable system to reuse cryptographic session keys, enabling a\n range of cryptographic attacks against the ciphers used in WPA1\n and WPA2.\n\n These vulnerabilities are only being fixed for certain Broadcom\n wifi chips, and might still be present in firmware for other wifi\n hardware.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n20161130-4~deb8u1. This version also adds new firmware and packages\nfor use with Linux 4.9, and re-adds firmware-{adi,ralink} as\ntransitional packages.\n\nWe recommend that you upgrade your firmware-nonfree packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "edition": 10, "modified": "2018-11-13T01:33:58", "published": "2018-11-13T01:33:58", "id": "DEBIAN:DLA-1573-1:A1DDB", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201811/msg00015.html", "title": "[SECURITY] [DLA 1573-1] firmware-nonfree security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:05:53", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "- -------------------------------------------------------------------------\nDebian 
Security Advisory DSA-3999-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nOctober 16, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wpa\nCVE ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 \n CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 \n CVE-2017-13088\n\nMathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered\nmultiple vulnerabilities in the WPA protocol, used for authentication in\nwireless networks. Those vulnerabilities apply to both the access point\n(implemented in hostapd) and the station (implemented in wpa_supplicant).\n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to\nreuse cryptographic session keys, enabling a range of cryptographic attacks\nagainst the ciphers used in WPA1 and WPA2. \n\nMore information can be found in the researchers' paper, Key Reinstallation\nAttacks: Forcing Nonce Reuse in WPA2.\n\nCVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake\nCVE-2017-13078: reinstallation of the group key in the Four-way handshake\nCVE-2017-13079: reinstallation of the integrity group key in the Four-way\n handshake\nCVE-2017-13080: reinstallation of the group key in the Group Key handshake\nCVE-2017-13081: reinstallation of the integrity group key in the Group Key\n handshake\nCVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation\n Request and reinstalling the pairwise key while processing it\nCVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey\n (TPK) key in the TDLS handshake\nCVE-2017-13087: reinstallation of the group key (GTK) when processing a\n Wireless Network Management (WNM) Sleep Mode Response frame\nCVE-2017-13088: reinstallation of the integrity group key (IGTK) when\n processing a Wireless Network Management (WNM) Sleep Mode\n Response frame\n\nFor the oldstable 
distribution (jessie), these problems have been fixed\nin version 2.3-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u1.\n\nFor the testing distribution (buster), these problems have been fixed\nin version 2:2.4-1.1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:2.4-1.1.\n\nWe recommend that you upgrade your wpa packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 15, "modified": "2017-10-16T09:21:02", "published": "2017-10-16T09:21:02", "id": "DEBIAN:DSA-3999-1:C5D5F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00261.html", "title": "[SECURITY] [DSA 3999-1] wpa security update", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:44", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Package : wpa\nVersion : 1.0-3+deb7u5\nCVE ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 \n CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 \n CVE-2017-13088\n\nA vulnerability was found in how WPA code can be triggered to\nreconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific\nframe that is used to manage the keys. 
Such reinstallation of the\nencryption key can result in two different types of vulnerabilities:\ndisabling replay protection and significantly reducing the security of\nencryption to the point of allowing frames to be decrypted or some parts\nof the keys to be determined by an attacker depending on which cipher is\nused.\n\nThose issues are commonly known under the "KRACK" appellation. According\nto US-CERT, "the impact of exploiting these vulnerabilities includes\ndecryption, packet replay, TCP connection hijacking, HTTP content\ninjection, and others."\n\nCVE-2017-13077\n\n Reinstallation of the pairwise encryption key (PTK-TK) in the\n 4-way handshake.\n\nCVE-2017-13078\n\n Reinstallation of the group key (GTK) in the 4-way handshake.\n\nCVE-2017-13079\n\n Reinstallation of the integrity group key (IGTK) in the 4-way\n handshake.\n\nCVE-2017-13080\n\n Reinstallation of the group key (GTK) in the group key handshake.\n\nCVE-2017-13081\n\n Reinstallation of the integrity group key (IGTK) in the group key\n handshake.\n\nCVE-2017-13082\n\n Accepting a retransmitted Fast BSS Transition (FT) Reassociation\n Request and reinstalling the pairwise encryption key (PTK-TK)\n while processing it.\n\nCVE-2017-13084\n\n Reinstallation of the STK key in the PeerKey handshake.\n\nCVE-2017-13086\n\n Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey\n (TPK) key in the TDLS handshake.\n\nCVE-2017-13087\n\n Reinstallation of the group key (GTK) when processing a Wireless\n Network Management (WNM) Sleep Mode Response frame.\n\nCVE-2017-13088\n\n Reinstallation of the integrity group key (IGTK) when processing a\n Wireless Network Management (WNM) Sleep Mode Response frame.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.0-3+deb7u5. 
Note that the latter two vulnerabilities (CVE-2017-13087\nand CVE-2017-13088) were mistakenly marked as fixed in the changelog\nwhereas they simply did not apply to the 1.0 version of the WPA source\ncode, which doesn't implement WNM sleep mode responses.\n\nWe recommend that you upgrade your wpa packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-10-31T14:48:52", "published": "2017-10-31T14:48:52", "id": "DEBIAN:DLA-1150-1:A6833", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201710/msg00029.html", "title": "[SECURITY] [DLA 1150-1] wpa security update", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "description": "wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. 
", "modified": "2017-10-17T02:21:04", "published": "2017-10-17T02:21:04", "id": "FEDORA:0DD9C604DD0F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: wpa_supplicant-2.6-3.fc25.1", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "description": "wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. ", "modified": "2017-10-16T17:59:17", "published": "2017-10-16T17:59:17", "id": "FEDORA:AA0BE60A8642", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: wpa_supplicant-2.6-11.fc26", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "description": "wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. 
", "modified": "2017-10-17T00:20:50", "published": "2017-10-17T00:20:50", "id": "FEDORA:1714A6074A50", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: wpa_supplicant-2.6-11.fc27", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087"], "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the back-ground a nd acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. ", "modified": "2017-11-15T17:59:04", "published": "2017-11-15T17:59:04", "id": "FEDORA:0CCFB604C905", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: hostapd-2.6-6.fc27", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087"], "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the back-ground a nd acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. 
", "modified": "2017-11-15T20:23:27", "published": "2017-11-15T20:23:27", "id": "FEDORA:6D2216047E58", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: hostapd-2.6-6.fc26", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087"], "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the back-ground a nd acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. ", "modified": "2017-11-15T22:30:40", "published": "2017-11-15T22:30:40", "id": "FEDORA:6384860875B6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: hostapd-2.6-6.fc25", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-10-18T16:52:57", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "description": "This update for wpa_supplicant fixes the security issues:\n\n - Several vulnerabilities in standard conforming implementations of the\n WPA2 protocol have been discovered and published under the code name\n KRACK. This update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface properly with both\n vulnerable and patched implementations of WPA2, but an attacker won't be\n able to exploit the KRACK weaknesses in those connections anymore even\n if the other party is still vulnerable. 
[bsc#1056061, CVE-2017-13078,\n CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2017-10-18T15:07:12", "published": "2017-10-18T15:07:12", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html", "id": "OPENSUSE-SU-2017:2755-1", "type": "suse", "title": "Security update for wpa_supplicant (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-17T20:11:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "description": "This update for wpa_supplicant fixes the security issues:\n\n - Several vulnerabilities in standard conforming implementations of the\n WPA2 protocol have been discovered and published under the code name\n KRACK. This update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface properly with both\n vulnerable and patched implementations of WPA2, but an attacker won't be\n able to exploit the KRACK weaknesses in those connections anymore even\n if the other party is still vulnerable. 
[bsc#1056061, CVE-2017-13078,\n CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\n", "edition": 1, "modified": "2017-10-17T18:11:19", "published": "2017-10-17T18:11:19", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html", "id": "SUSE-SU-2017:2745-1", "type": "suse", "title": "Security update for wpa_supplicant (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-17T22:11:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "description": "This update for wpa_supplicant fixes the following issues:\n\n - Several vulnerabilities in standard conforming implementations of the\n WPA2 protocol have been discovered and published under the code name\n KRACK. This update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface properly with both\n vulnerable and patched implementations of WPA2, but an attacker won't be\n able to exploit the KRACK weaknesses in those connections anymore even\n if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078,\n CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\n", "edition": 1, "modified": "2017-10-17T21:07:43", "published": "2017-10-17T21:07:43", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html", "id": "SUSE-SU-2017:2752-1", "type": "suse", "title": "Security update for wpa_supplicant (important)", "cvss": {"score": 0.0, "vector": "NONE"}}], "nvidia": [{"lastseen": "2021-02-02T20:27:02", "bulletinFamily": "software", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "### Vulnerability Details\n\nThe following section summarizes the vulnerabilities. 
Descriptions use [CWE\u2122](<https://cwe.mitre.org/>) and risk assessments follow [CVSS](<https://www.first.org/cvss/user-guide>).\n\n#### CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088\n\nL4T ships with a reference root file system based upon the Ubuntu\u00ae Operating System, which is vulnerable to \u201cKRACK\u201d vulnerabilities. For more information about \u201cKRACK,\u201d see the Ubuntu Security Notice at <https://usn.ubuntu.com/usn/usn-3455-1/>.\n\n_NVIDIA\u2019s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn't know of any exploits to these issues at this time._\n", "modified": "2018-02-20T09:20:00", "published": "2017-12-20T00:00:00", "id": "NVIDIA:4601", "href": "http://nvidia.custhelp.com/app/answers/detail/a_id/4601", "type": "nvidia", "title": "Security Bulletin: NVIDIA Linux for Tegra (L4T) \u201cKRACK\u201d vulnerabilities", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:38:29", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13077", "CVE-2017-13087"], "description": "**CentOS Errata and Security Advisory** CESA-2017:2911\n\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es):\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-October/034608.html\n\n**Affected packages:**\nwpa_supplicant\n\n**Upstream details at:**\n", "edition": 4, "modified": "2017-10-18T16:57:30", "published": "2017-10-18T16:57:30", "href": "http://lists.centos.org/pipermail/centos-announce/2017-October/034608.html", "id": "CESA-2017:2911", "title": "wpa_supplicant security update", "type": "centos", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13087"], "description": "The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es):\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)\n\nRed Hat would like to thank CERT for reporting these issues. 
Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.", "modified": "2018-06-07T18:23:15", "published": "2017-10-18T19:43:19", "id": "RHSA-2017:2911", "href": "https://access.redhat.com/errata/RHSA-2017:2911", "type": "redhat", "title": "(RHSA-2017:2911) Important: wpa_supplicant security update", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "huawei": [{"lastseen": "2019-02-01T18:02:15", "bulletinFamily": "software", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "edition": 1, "modified": "2017-11-30T00:00:00", "published": "2017-11-17T00:00:00", "id": "HUAWEI-SA-20171117-01-WPA", "href": "https://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-01-wpa-en", "title": "Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products", "type": "huawei", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "myhack58": [{"lastseen": "2017-10-18T13:09:05", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "2017 10 on 16 September, called KRACK vulnerability flaws bug invasion attack method is expressed, for WiFi+WPA2 collect 
intrusion attack. \nKRACK tension is the application of 802. 11i 4-way handshake vulnerability in the flaws bug to the ultimate completion of the decryption and fabricated encrypted WiFi traffic, the vulnerability flaws of the bug from the imec-DistriNet of Mathy Vanhoef and KU Leuven invention. This vulnerability flaws bug confound a variety of intrusion attack patterns, AP popular terminal, the relay terminal, and the client are affected. \nBased on krackattacks. com and the sector manufacturers announced the network security notification Bulletin comprehensive analysis, contains Linux,Android, Cisco wireless products, OpenBSD, MacOS, Windows, iOS and other product or platform, the impact was widespread. \n360CERT initiatives of the client product users, IoT, router manufacturers as soon as possible to stop the coherent vulnerability flaws bug the evaluation of the query visit. \nReference:tips for translation the key heavy intrusion: forced WPA2 reuse the Nonce. \n0x01 confound the impact \nAffect \nKRACK vulnerability flaws bug the size of widespread, affect large. \nKRACK vulnerability flaws bug may be formed WiFi+WPA2 encrypted network traffic may be intrusion the attacker to decrypt or inject vicious thoughts intrusion packet, the CAN will leak contains password, etc., \u9690\u8877 information, but the application HTTPS application layer encryption layer flow is not affected. \n360CERT a comprehensive analysis, this vulnerability flaws bug confound the impact is large, vulnerability flaws bug-grade tensions, no large-scale realistic intrusion case generated, the temporary assessment for a large collection of network security turmoil. 
\nVulnerability flaws bug information \nCVE-2017-13077: 4-way handshake when the key pair(PTK-TK)overload vulnerability flaws bug \nCVE-2017-13078: 4-way handshake when the GTK overloaded vulnerability flaws bug \nCVE-2017-13079: 4-way handshake when the IGTK overload vulnerability flaws bug \nCVE-2017-13080: group key handshake GTK overloaded vulnerability flaws bug \nCVE-2017-13081: group key handshake when the IGTK overload vulnerability flaws bug \nCVE-2017-13082: take over the FT reconnection pleadingly, the key pair(PTK-TK)overload vulnerability flaws bug \nCVE-2017-13084 rotate: PeerKey handshake when the STK key overload vulnerability flaws bug \nCVE-2017-13086: TDLS handshake when the TDLS,TPK overload vulnerability flaws bug \nCVE-2017-13087: disposal of WNM sleep in the form of the corresponding frame GTK overloaded vulnerability flaws bug \nCVE-2017-13088: disposal of WNM sleep in the form of the corresponding frame IGTK overload vulnerability flaws bug \nImpact version \nNote:the sector information on the origin[reference 3] \nArch Linux \nArista \nAruba \nBroadcom \nCisco \nDD-WRT \nDebian \nExtreme Networks \nFedora \nFreeBSD \nLenovo \nJuniper \nIntel Corporation \nLineageOS \nLXDE \nMarvell \nMeraki \nMicrosoft \nMikroTik \nMojo Networks \nSynology \nTurris ' Omnia \nUbiquiti \nUbuntu \nUniFi \nVMware \nWatchguard Cloud \nWindows 10 \nWPA_supplicant \n0x02 sector skills information \nNote:the sector information from the[reference 1]and[reference 4] \n802.11 i the agreement, i.e.: WPA2 agreements via the process in two from the force of the mechanism to package data transmission secrecy. The first one is in the record layer via the process of encryption of the WiFi frame method, the package frustration is plaintext read or sniffing. The encryption mechanism on weekdays is via the process of AES-CCM method, of course, also there is sector to start the GCM form, and another sector of the old RC4-TKIP method. 
\nThe necessary exertions at the discretion of the AES-CCM(also contains the GCM, TKIP)is a stream cipher, which means that the reuse of the encryption parameters of the key and the nonce(i.e. initialization vector)the environment is able to be the invasion attack. 802.11 i is based on the packet count(packet number, number)method, which is in the session established after the initial value is 0, and will absolutely not incremented\uff08while to 2^48 time, it will trigger the update key to manipulate it. As a result, assuming that the packet Count is not reset environment, it is possible to win preparedness key+nonce reuse invasion attack. \nThe second mechanism is the AP and the client supplicant between the 4-way handshake process, the tensions used to negotiate the encryption key. KRACK vulnerability flaws bugs will be indirectly applied to the 4-way handshake#3 packet#3 packet can be used for the client a new key device application. \n! [](/Article/UploadPic/2017-10/20171018161235834. png? www. myhack58. com) \nKRACK of nervous vulnerability flaws bug is that the #3 package can be vicious thoughts blocked. When this environment is generated, the AP Client will retransmit this news, will lead to strange of a key in the client be re-installed. Bring a reaction is will also incur packet count will be reset to 0 for sector clients, such as Android6, the key is reset to 0), The Ultimate, it will trigger the key+nonce reuse invasion attack. The invasion of the attacker to be able to apply it to all traffic decryption, TCP coerce, etc. \nAnything else, otherwise the following 2 types of intrusion attacks: \nContains the customer really based on GTK intrusion attacks; \nFor the AP really 802. 11 RFT handshake invasion attack; \nMore specific tips details can be found 360CERT translation of the key heavy intrusion: forced WPA2 reuse the Nonce. \nQ & A \nNote:the sector information from the[reference 1] \nI need to swap the WiFi password? 
\nChange WiFi password and does not contribute to the attack and the vulnerability flaws bug you with unnecessary changes. The same, you should Deposit concern that you application client, Android, IoT product can update, the router firmware can update. Of course if you do, then you can take this update down your WiFi password. \nOnly support AES Suite WPA2 is also affected by the vulnerability. the bug affect? \nYes, also subject to. \nMy equipment can also affected? \nIf your equipment Support WiFi+WPA2 adapter(such as mobile phones, laptops, etc.), it can also be affected, please consult the coherent vendors. \nIf my router did not announce the update? \nWhile the invasion of the attacker's application can be for the customers really, what, then router, etc. is also dangerous. Initiative you first contact your vendor to determine next whether there are network security updates, of course, you can also choice to have the network security updates 360 network security router. \nI should temporarily switch to WEP until my gear is updated? \nNo, this is definitely not a good choice. \nThis intrusion seems very difficult? \nJust theory and no then difficult, and even quite popular briefly. Absolutely don't think this intrusion is very difficult. 
\n0x03 network security initiatives \nThe initiative of the user as soon as the evaluation itself, the client,and the device corresponding to the network security update\n", "edition": 1, "modified": "2017-10-18T00:00:00", "published": "2017-10-18T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2017/89609.htm", "id": "MYHACK58:62201789609", "title": "KRACK: WPA2 series of vulnerabilities in the event of early warning-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 5.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "\nwpa_supplicant developers report:\n\nA vulnerability was found in how a number of implementations can be\n\t triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by\n\t replaying a specific frame that is used to manage the keys.\n\n", "edition": 6, "modified": "2017-10-16T00:00:00", "published": "2017-10-16T00:00:00", "id": "D670A953-B2A1-11E7-A633-009C02A2AB30", "href": "https://vuxml.freebsd.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html", "title": "WPA packet number reuse with replayed messages and key reinstallation", "type": "freebsd", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2018-01-27T10:06:54", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "[](<https://4.bp.blogspot.com/-V8dDL9Kefnc/WeRTm2l5ATI/AAAAAAAAuY0/MEaxpP-Xiogl9mWcFyr4J03EzrG2zxZMwCLcBGAs/s1600/wpa2-krack-wifi-hacking.png>)\n\nDo you think your wireless network is secure 
because you're using WPA2 encryption? \n \nIf yes, think again! \n \nSecurity researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications. \n \nWPA2 is a 13-year-old WiFi authentication scheme widely used to secure WiFi connections, but the standard has been compromised, impacting almost all Wi-Fi devices\u2014including in our homes and businesses, along with the networking companies that build them. \n \nDubbed **KRACK**\u2014**Key Reinstallation Attack**\u2014the proof-of-concept attack demonstrated by a team of researchers works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos. \n \nSince the weaknesses reside in the Wi-Fi standard itself, and not in the implementations or any individual product, any correct implementation of WPA2 is likely affected. \n \nAccording to the researchers, the newly discovered attack works against: \n \n\n\n * Both WPA1 and WPA2,\n * Personal and enterprise networks,\n * Ciphers WPA-TKIP, AES-CCMP, and GCMP\n \nIn short, if your device supports WiFi, it is most likely affected. During their initial research, the researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by the KRACK attacks. \n \nIt should be noted that the KRACK attack does not help attackers recover the targeted WiFi's password; instead, it allows them to decrypt WiFi users' data without cracking or knowing the actual password. \n \nSo merely changing your Wi-Fi network password does not prevent (or mitigate) KRACK attack. 
\n \n\n\n### Here's How the KRACK WPA2 Attack Works (PoC Code):\n\n \n\n\n \nDiscovered by researcher Mathy Vanhoef of imec-DistriNet, KU Leuven, the KRACK attack works by exploiting a 4-way handshake of the WPA2 protocol that's used to establish a key for encrypting traffic. \n \nFor a successful KRACK attack, an attacker needs to trick a victim into re-installing an already-in-use key, which is achieved by manipulating and replaying cryptographic handshake messages. \n\n\n> \"When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value,\" the researcher writes. \n\n> \"Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.\"\n\nThe research [[PDF](<https://papers.mathyvanhoef.com/ccs2017.pdf>)], titled **_Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2_**, has been published by Mathy Vanhoef of KU Leuven and Frank Piessens of imec-DistriNet, Nitesh Saxena and Maliheh Shirvanian of the University of Alabama at Birmingham, Yong Li of Huawei Technologies, and Sven Sch\u00e4ge of Ruhr-Universit\u00e4t Bochum. \n \nThe team has successfully executed the key reinstallation attack against an Android smartphone, showing how an attacker can decrypt all data that the victim transmits over a protected WiFi. You can watch the video demonstration above and download [**proof-of-concept (PoC) **](<https://github.com/vanhoefm/krackattacks-test-ap-ft>)[**code**](<https://github.com/vanhoefm/krackattacks-test-ap-ft>) from Github. \n\n\n> \"Decryption of packets is possible because a key reinstallation attack causes the transmit nonces (sometimes also called packet numbers or initialization vectors) to be reset to zero. 
As a result, the same encryption key is used with nonce values that have already been used in the past,\" the researcher say.\n\nThe researchers say their key reinstallation attack could be exceptionally devastating against Linux and Android 6.0 or higher, because _\"Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info).\"_ \n_ \n_ However, there's no need to panic, as you aren't vulnerable to just anyone on the internet because a successful exploitation of KRACK attack requires an attacker to be within physical proximity to the intended WiFi network. \n \n\n\n### WPA2 Vulnerabilities and their Brief Details \n\n \nThe key management vulnerabilities in the WPA2 protocol discovered by the researchers has been tracked as: \n \n\n\n * **CVE-2017-13077**: Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake.\n * **CVE-2017-13078**: Reinstallation of the group key (GTK) in the four-way handshake.\n * **CVE-2017-13079**: Reinstallation of the integrity group key (IGTK) in the four-way handshake.\n * **CVE-2017-13080**: Reinstallation of the group key (GTK) in the group key handshake.\n * **CVE-2017-13081**: Reinstallation of the integrity group key (IGTK) in the group key handshake.\n * **CVE-2017-13082**: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.\n * **CVE-2017-13084**: Reinstallation of the STK key in the PeerKey handshake.\n * **CVE-2017-13086**: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.\n * **CVE-2017-13087**: reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n * **CVE-2017-13088**: reinstallation of the integrity group key (IGTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n \nThe researchers discovered the vulnerabilities last 
year, but sent out notifications to several vendors on July 14, along with the United States Computer Emergency Readiness Team (US-CERT), who sent out a broad warning to hundreds of vendors on 28 August 2017. \n\n\n> \"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others,\" the US-CERT warned. \"Note that as protocol-level issues, most or all correct implementations of the standard will be affected.\"\n\nIn order to patch these vulnerabilities, you need to wait for the firmware updates from your device vendors. \n \nAccording to researchers, the communication over HTTPS is secure (but may not be 100 percent secure) and cannot be decrypted using the KRACK attack. So, you are advised to use a [secure VPN service](<https://thehackernews.com/2017/05/secure-best-vpn-service.html>)\u2014which encrypts all your Internet traffic whether it\u2019s HTTPS or HTTP. \n \nYou can read more information about these vulnerabilities on the KRACK attack's [dedicated website](<https://www.krackattacks.com/>), and the research paper. \n \nThe team has also [released a script](<https://github.com/vanhoefm/krackattacks-test-ap-ft>) using which you can check whether if your WiFi network is vulnerable to the KRACK attack or not. \n \nWe will keep updating the story. 
Stay Tuned!\n", "modified": "2017-10-19T16:43:49", "published": "2017-10-15T23:21:00", "id": "THN:29EC2E0BD61CF15B2E756ECA04EDFF50", "href": "https://thehackernews.com/2017/10/wpa2-krack-wifi-hacking.html", "type": "thn", "title": "KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:05", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded.\n This update includes patches to mitigate the WPA2 protocol issues known\n as \"KRACK\" (Key Reinstallation AttaCK), which may be used to decrypt data,\n hijack TCP connections, and to forge and inject packets. 
This is the\n list of vulnerabilities that are addressed here:\n CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the\n 4-way handshake.\n CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.\n CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way\n handshake.\n CVE-2017-13080: Reinstallation of the group key (GTK) in the group key\n handshake.\n CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group\n key handshake.\n CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)\n Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)\n while processing it.\n CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.\n CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)\n PeerKey (TPK) key in the TDLS handshake.\n CVE-2017-13087: reinstallation of the group key (GTK) when processing a\n Wireless Network Management (WNM) Sleep Mode Response frame.\n CVE-2017-13088: reinstallation of the integrity group key (IGTK) when\n processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n For more information, see:\n https://www.krackattacks.com/\n https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088\n (* Security fix *)\n\nWhere to find the new 
packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nd8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nf25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc5539f40c8510af89be92945f0f80185 
wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz\n\nSlackware x86_64 -current package:\n464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz", "modified": "2017-10-18T19:36:09", "published": "2017-10-18T19:36:09", "id": "SSA-2017-291-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.592891", "type": "slackware", "title": "[slackware-security] wpa_supplicant", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2019-05-08T22:21:11", "bulletinFamily": "software", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 
\n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nYou can use F5 products to mitigate the potential damage by such an attack by limiting what information an attacker may obtain. For example, you can use F5 products that implement SSL/TLS offloading, and BIG-IP APM SSL VPN to protect data in transit across WiFi networks. 
You can use F5 MobileSafe and WebSafe Application-Layer Encryption to protect data before it transits potentially compromised WiFi networks.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-10-18T00:01:00", "published": "2017-10-17T23:37:00", "id": "F5:K23642330", "href": "https://support.f5.com/csp/article/K23642330", "title": "Multiple WPA2 vulnerabilities (KRACK)", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2017-11-11T02:33:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "### Background\n\nwpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN). hostapd is a user space daemon for access point and authentication servers. \n\n### Description\n\nWiFi Protected Access (WPA and WPA2) and it\u2019s associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nAn attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll hostapd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-wireless/hostapd-2.6-r1\"\n \n\nAll wpa_supplicant users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=net-wireless/wpa_supplicant-2.6-r3\"", "edition": 1, "modified": "2017-11-10T00:00:00", "published": "2017-11-10T00:00:00", "href": "https://security.gentoo.org/glsa/201711-03", "id": "GLSA-201711-03", "title": "hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks", "type": "gentoo", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:16", "bulletinFamily": "bugbounty", "bounty": 25000.0, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Full background information is at [krackattacks.com](https://www.krackattacks.com) and all detailed information can be found in our [research paper](https://papers.mathyvanhoef.com/ccs2017.pdf).\n\n# Key Reinstallation Attack: 4-way handshake example\n\nWe use the 4-way handshake to illustrate the idea behind key reinstallation attacks (CVE-2017-13077).\nNote that in practice, all protected Wi-Fi network rely on the 4-way handshake to derive a fresh session key (PTK) from some shared secret.\n\n### Step 1. Channel-based man-in-the-middle and initial handshake messages:\n\n* The adversary clones the access point (AP) on a different channel. 
Say the real AP is on channel 6, and it will be cloned on channel 1.\n* The adversary uses Channel Switch Announcements to force victims into connecting to the cloned AP on channel 1.\n* The adversary forwards the first three message of the 4-way handshake between the client and AP (i.e. the adversary fowards frames over the different channels).\n* After the client receives message 3 of the handshake, it will install the fresh session key (PTK) for the first time.\n\n### Step 2. Triggering a key reinstallation:\n\n* The attacker does not forward message 4 of the handshake to the AP, effectively blocking it.\n* As a result, the AP will retransmit message 3 to the client.\n* After the client receives message 3, it responds with message 4. In practice all clients encrypt this retransmitted message 4 at the link layer. Note that it's encrypted because message 4 an ordinary data frame, and the victim has already installed the session key to encrypt data frames (recall end of step 1). The victim will **use a nonce value of 1 to encrypt** message 4.\n* After sending message 4, the client will reinstall the session key. This **resets the transmit nonce** to zero.\n\n### Step 3. 
Abusing nonce reuse:\n\n* When the client now transmit a normal encrypted data frame, it will increment the nonce counter, and then **reuse the nonce value 1 when encrypting the data frame**.\n* We can derive known keystream from the encrypted retransmitted message 4 (recall step 2), and use this to decrypt parts of the just transmitted encrypted data frame.\n* Other predictable packets (ARP, DHCP, HTML, and so on) can be used to obtain additional known plaintext and keystream, which can in turn be used to decrypt more and bigger packets.\n\nThe above example attack against the 4-way handshake is also illustrated in my [CCS'17 presentation](https://papers.mathyvanhoef.com/ccs2017-slides.pdf).\n\n# Other handshakes\n\nOther Wi-Fi handshakes or features that were found to be vulnerable to key reinstallation attacks are:\n- Reinstallation of group keys in the 4-way handshake: CVE-2017-13078 and CVE-2017-13079\n- The group key handshake: CVE-2017-13080 and CVE-2017-13081\n- The Fast BSS Transition (FT) handshake: CVE-2017-13082\n- The PeerKey handshake: CVE-2017-13084\n- The Tunneled Direct-Link Setup (TDLS) handshake: CVE-2017-13086\n- Handling of Wireless Network Management (WNM) Sleep Mode Response frame: CVE-2017-13087 and CVE-2017-13088.\n\n# Countermeasures\n\nImplementations can be updated to prevent key reinstallation attacks in a backwards-compatible manner.\n\nAs an additional mitigation, an access point can also prevent most attacks against vulnerable clients.\nIn particular, attacks against the 4-way handshake can be prevented by not retransmitting message 3.\nSimilarly, attacks against the group key handshake can be prevented by not retransmitting message 1 of the group key handshake. 
Alternatively, the access point can retransmit these two handshake messages using the previously used EAPOL-Key replay counter.\n\n# Additional Contributions\n\n- We helped with writing several [patches for hostap](https://w1.fi/security/2017-1/), which is used in Linux, Android, and several professional APs.\n- We wrote most parts of the [patch to OpenBSD](https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/027_net80211_replay.patch.sig).\n- We created vulnerability test tools to detect if devices are vulnerable. [The Wi-Fi Alliance](https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update) is using these to [test if new products are affected](https://www.wi-fi.org/security-update-october-2017) or not. These test tools will be released publically once they are stable enough.", "modified": "2017-11-03T00:37:55", "published": "2017-11-02T22:08:43", "id": "H1:286740", "href": "https://hackerone.com/reports/286740", "type": "hackerone", "title": "The Internet: Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cisco": [{"lastseen": "2020-12-24T11:41:05", "bulletinFamily": "software", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "A vulnerability in the processing of the 802.11 PeerKey handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force an STSL to reinstall a previously used STK.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. 
An attacker could exploit this vulnerability by establishing a man-in-the-middle position between the stations and retransmitting previously used messages exchanges between stations.\n\nA vulnerability in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.\n\nA vulnerability in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used integrity group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.\n\nA vulnerability in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used pairwise key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. 
An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.\n\nA vulnerability in the processing of the 802.11i group key handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.\n\nA vulnerability in the processing of the 802.11i group key handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used integrity group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.\n\nA vulnerability in the processing of the 802.11r Fast BSS (Basic Service Set) Transition handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force an authenticator to reinstall a previously used pairwise key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. 
An attacker could exploit this vulnerability by passively eavesdropping on an FT handshake, and then replaying the reassociation request from the supplicant to the authenticator.\n\nA vulnerability in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames could allow an unauthenticated, adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by passively eavesdropping and retransmitting previously used WNM Sleep Mode Response frames.\n\nA vulnerability in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames could allow an unauthenticated, adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used integrity group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by passively eavesdropping and retransmitting previously used WNM Sleep Mode Response frames.\n\nA vulnerability in the processing of the 802.11z (Extensions to Direct-Link Setup) TDLS handshake messages could allow an unauthenticated, adjacent attacker to force a supplicant that is compliant with the 802.11z standard to reinstall a previously used TPK key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by passively eavesdropping on a TDLS handshake and retransmitting previously used message exchanges between supplicant and authenticator.\n\nOn October 16, 2017, a research paper with the title \u201cKey Reinstallation Attacks: Forcing Nonce Reuse in WPA2\u201d was made publicly available. 
This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.\n\nAmong these ten vulnerabilities, only one (CVE-2017-13082) may affect components of the wireless infrastructure (for example, Access Points), while the other nine vulnerabilities may affect only client devices.\n\nMultiple Cisco wireless products are affected by these vulnerabilities.\n\nCisco will release software updates that address these vulnerabilities. There are workarounds that addresses the vulnerabilities in CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, and CVE-2017-13082. 
There are no workarounds for CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\"]", "modified": "2018-01-02T17:35:41", "published": "2017-10-16T14:00:00", "id": "CISCO-SA-20171016-WPA", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa", "type": "cisco", "title": "Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II", "cvss": {"score": 4.3, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:42:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4476", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2016-4477", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly \nhandled WPA2. A remote attacker could use this issue with key \nreinstallation attacks to obtain sensitive information. (CVE-2017-13077, \nCVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, \nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled \ninvalid characters in passphrase parameters. A remote attacker could use \nthis issue to cause a denial of service. (CVE-2016-4476)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled \ninvalid characters in passphrase parameters. A local attacker could use \nthis issue to cause a denial of service, or possibly execute arbitrary \ncode. 
(CVE-2016-4477)", "edition": 5, "modified": "2017-10-16T00:00:00", "published": "2017-10-16T00:00:00", "id": "USN-3455-1", "href": "https://ubuntu.com/security/notices/USN-3455-1", "title": "wpa_supplicant and hostapd vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}]}