CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
51.9%
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Vendor | Product | Version | CPE |
---|---|---|---|
canonical | ubuntu_linux | 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
canonical | ubuntu_linux | 16.04 | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* |
canonical | ubuntu_linux | 17.04 | cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:* |
debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
freebsd | freebsd | * | cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* |
freebsd | freebsd | 10 | cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:* |
freebsd | freebsd | 10.4 | cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:* |
freebsd | freebsd | 11 | cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:* |
freebsd | freebsd | 11.1 | cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
www.debian.org/security/2017/dsa-3999
www.kb.cert.org/vuls/id/228519
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
www.securityfocus.com/bid/101274
www.securitytracker.com/id/1039573
www.securitytracker.com/id/1039576
www.securitytracker.com/id/1039577
www.securitytracker.com/id/1039578
www.securitytracker.com/id/1039581
www.securitytracker.com/id/1039585
www.ubuntu.com/usn/USN-3455-1
access.redhat.com/security/vulnerabilities/kracks
cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
cert.vde.com/en-us/advisories/vde-2017-005
lists.debian.org/debian-lts-announce/2018/11/msg00015.html
security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
security.gentoo.org/glsa/201711-03
source.android.com/security/bulletin/2017-11-01
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
www.krackattacks.com/
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
51.9%