CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
46.8%
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
Vendor | Product | Version | CPE |
---|---|---|---|
canonical | ubuntu_linux | 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
canonical | ubuntu_linux | 16.04 | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* |
canonical | ubuntu_linux | 17.04 | cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:* |
debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
freebsd | freebsd | * | cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* |
freebsd | freebsd | 10 | cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:* |
freebsd | freebsd | 10.4 | cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:* |
freebsd | freebsd | 11 | cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:* |
freebsd | freebsd | 11.1 | cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
www.debian.org/security/2017/dsa-3999
www.kb.cert.org/vuls/id/228519
www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
www.securityfocus.com/bid/101274
www.securitytracker.com/id/1039570
www.securitytracker.com/id/1039571
www.securitytracker.com/id/1039573
www.securitytracker.com/id/1039581
www.ubuntu.com/usn/USN-3455-1
access.redhat.com/errata/RHSA-2017:2907
access.redhat.com/security/vulnerabilities/kracks
cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
cert.vde.com/en-us/advisories/vde-2017-005
github.com/vanhoefm/krackattacks-test-ap-ft
ics-cert.us-cert.gov/advisories/ICSA-17-299-02
rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697
security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
security.gentoo.org/glsa/201711-03
source.android.com/security/bulletin/2017-11-01
support.lenovo.com/us/en/product_security/LEN-17420
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
www.krackattacks.com/
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
46.8%