ID OPENVAS:1361412562310140451 Type openvas Reporter This script is Copyright (C) 2017 Greenbone Networks GmbH Modified 2018-10-26T00:00:00
Description
Cisco IP Phone 8861 is prone to key reinstallation attacks against
the WPA protocol.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_cisco_ip_phone_8861_cisco-sa-20171016-wpa.nasl 12106 2018-10-26 06:33:36Z cfischer $
#
# Cisco IP Phone 8861 Multiple WPA2 Vulnerabilities
#
# Authors:
# Christian Kuersteiner <christian.kuersteiner@greenbone.net>
#
# Copyright:
# Copyright (c) 2017 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Description pass: when `description` is set the script only registers its
# metadata with the scanner and exits; none of the detection code below runs.
if (description) {
  # Identity of the check.
  script_oid("1.3.6.1.4.1.25623.1.0.140451");
  script_name("Cisco IP Phone 8861 Multiple WPA2 Vulnerabilities");
  script_version("$Revision: 12106 $");
  script_copyright("This script is Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("CISCO");
  script_category(ACT_GATHER_INFO);

  # Bookkeeping dates.
  script_tag(name:"creation_date", value:"2017-10-25 10:08:52 +0700 (Wed, 25 Oct 2017)");
  script_tag(name:"last_modification", value:"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $");

  # Covered CVEs and the CVSS v2 base score/vector reported with a finding.
  script_cve_id("CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080",
                "CVE-2017-13081", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088");
  script_tag(name:"cvss_base", value:"5.4");
  script_tag(name:"cvss_base_vector", value:"AV:A/AC:M/Au:N/C:P/I:P/A:P");

  # The verdict comes from a remotely obtained version string, not from
  # exercising the flaw; the remedy is a vendor firmware update.
  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"VendorFix");

  # The detection code reads "cisco/ip_phone/model" from the KB, so the phone
  # detection script is declared as a dependency and the key as mandatory.
  script_dependencies("gb_cisco_ip_phone_detect.nasl");
  script_mandatory_keys("cisco/ip_phone/model");

  # Report texts. The multi-line values are kept exactly as published; their
  # continuation lines start at column 0 because the line breaks and any
  # leading whitespace are part of the string.
  script_tag(name:"summary", value:"Cisco IP Phone 8861 is prone to key reinstallation attacks against
WPA protocol.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"On October 16th, 2017, a research paper with the title of 'Key
Reinstallation Attacks: Forcing Nonce Reuse in WPA2' was made publicly available. This paper discusses seven
vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected
Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a
group key, or an integrity key on either a wireless client or a wireless access point. Additional research also
led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless
supplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless
Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a
pairwise key, group key, or integrity group key.");

  script_tag(name:"impact", value:"An attacker within the wireless communications range of an affected AP and
client may leverage packet decryption and injection, TCP connection hijacking, HTTP content injection, or the
replay of unicast, broadcast, and multicast frames.");

  script_tag(name:"solution", value:"Update to version 12.0.1SR1 or later.");

  # Vendor advisory this check is based on.
  script_xref(name:"URL", value:"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa");

  exit(0);
}
include("version_func.inc");
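# Detection logic: reports a Cisco IP Phone 8861 whose firmware is older than
# the fixed release 12.0.1SR1.
#
# Model and firmware strings are read from the KB (this script depends on
# gb_cisco_ip_phone_detect.nasl); nothing is sent to the target here. The
# result is a version comparison only (qod_type "remote_banner"): it does not
# establish whether the phone is actually connected over Wi-Fi, so a finding
# means "firmware predates the fix", not "handshake observed to be exploitable".
#
# Exit codes: exit(0) ends the run without a verdict, exit(99) tells the
# scanner the host was checked and is not affected.

# No phone model in the KB: nothing to evaluate.
if (!model = get_kb_item("cisco/ip_phone/model"))
  exit(0);

if (model =~ "^CP-8861") {
  # Model known but no firmware string: no verdict possible.
  if (!fw_string = get_kb_item("cisco/ip_phone/version"))
    exit(0);

  # Capture the version part that follows "sip88xx." (digits, 'S', 'R', '-').
  fw_match = eregmatch(pattern: "sip88xx\.([0-9SR-]+)", string: fw_string);

  # A firmware string that does not parse was never compared against the
  # fixed release. End without a verdict instead of falling through to
  # exit(99), which would record an unverified host as "not affected".
  if (isnull(fw_match[1]))
    exit(0);

  # Turn the hyphen-separated firmware version into dotted form for comparison.
  fw_version = ereg_replace(string: fw_match[1], pattern: "-", replace: ".");

  if (version_is_less(version: fw_version, test_version: "12.0.1SR1")) {
    report = report_fixed_ver(installed_version: fw_version, fixed_version: "12.0.1SR1");
    security_message(port: 0, data: report);
    exit(0);
  }
}

# Either a different phone model or an 8861 at/after the fixed release.
exit(99);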
{"id": "OPENVAS:1361412562310140451", "type": "openvas", "bulletinFamily": "scanner", "title": "Cisco IP Phone 8861 Multiple WPA2 Vulnerabilities", "description": "Cisco IP Phone 8861 is prone to key reinstallation attacks against\nWPA protocol.", "published": "2017-10-25T00:00:00", "modified": "2018-10-26T00:00:00", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140451", "reporter": "This script is Copyright (C) 2017 Greenbone Networks GmbH", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"], "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "lastseen": "2019-05-29T18:34:54", "viewCount": 29, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562311220171242", "OPENVAS:1361412562310873510", "OPENVAS:1361412562310703999", "OPENVAS:1361412562310873647", "OPENVAS:1361412562310140452", "OPENVAS:1361412562311220171241", "OPENVAS:1361412562310873699", "OPENVAS:1361412562310851627", "OPENVAS:1361412562310873667", "OPENVAS:1361412562310873515"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3999-1:C5D5F", "DEBIAN:DLA-1150-1:A6833"]}, {"type": "nvidia", "idList": ["NVIDIA:4601"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2907", "ELSA-2017-2911"]}, {"type": "nessus", "idList": ["FEDORA_2017-60BFB576B7.NASL", "SLACKWARE_SSA_2017-291-02.NASL", "OPENSUSE-2017-1163.NASL", "EULEROS_SA-2017-1242.NASL", "SUSE_SU-2017-2745-1.NASL", "DEBIAN_DSA-3999.NASL", "FEDORA_2017-F45E844A85.NASL", "FEDORA_2017-12E76E8364.NASL", "SUSE_SU-2017-2752-1.NASL", "EULEROS_SA-2017-1241.NASL"]}, {"type": "ics", "idList": ["ICSA-17-318-01A", "ICSMA-19-029-01", "ICSA-17-318-01C", "ICSA-17-318-02", "ICSA-17-318-01B", "ICSA-17-318-02A", "ICSMA-18-114-01", "ICSA-17-353-02", "ICSA-17-318-01"]}, {"type": "suse", "idList": 
["SUSE-SU-2017:2745-1", "OPENSUSE-SU-2017:2755-1", "SUSE-SU-2017:2752-1"]}, {"type": "archlinux", "idList": ["ASA-201710-22", "ASA-201710-23"]}, {"type": "fedora", "idList": ["FEDORA:0CCFB604C905", "FEDORA:6384860875B6", "FEDORA:1714A6074A50", "FEDORA:6D2216047E58", "FEDORA:AA0BE60A8642", "FEDORA:0DD9C604DD0F"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20171117-01-WPA"]}, {"type": "myhack58", "idList": ["MYHACK58:62201789609"]}, {"type": "freebsd", "idList": ["D670A953-B2A1-11E7-A633-009C02A2AB30"]}, {"type": "f5", "idList": ["F5:K23642330"]}, {"type": "thn", "idList": ["THN:29EC2E0BD61CF15B2E756ECA04EDFF50"]}, {"type": "slackware", "idList": ["SSA-2017-291-02"]}, {"type": "gentoo", "idList": ["GLSA-201711-03"]}, {"type": "cisco", "idList": ["CISCO-SA-20171016-WPA"]}, {"type": "hackerone", "idList": ["H1:286740"]}, {"type": "hp", "idList": ["HP:C05876244", "HP:C05872536"]}, {"type": "cve", "idList": ["CVE-2017-13081", "CVE-2017-13079", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13078", "CVE-2017-13086", "CVE-2017-13088", "CVE-2017-13080"]}, {"type": "centos", "idList": ["CESA-2017:2907"]}, {"type": "redhat", "idList": ["RHSA-2017:2907"]}, {"type": "lenovo", "idList": ["LENOVO:PS500143-NOSID"]}, {"type": "ubuntu", "idList": ["USN-3455-1"]}, {"type": "cert", "idList": ["VU:228519"]}], "modified": "2019-05-29T18:34:54", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2019-05-29T18:34:54", "rev": 2}, "vulnersScore": 6.5}, "pluginID": "1361412562310140451", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ip_phone_8861_cisco-sa-20171016-wpa.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco IP Phone 8861 Multiple WPA2 Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it 
under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140451\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-25 10:08:52 +0700 (Wed, 25 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\",\n \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cisco IP Phone 8861 Multiple WPA2 Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CISCO\");\n script_dependencies(\"gb_cisco_ip_phone_detect.nasl\");\n script_mandatory_keys(\"cisco/ip_phone/model\");\n\n script_tag(name:\"summary\", value:\"Cisco IP Phone 8861 is prone to key reinstallation attacks 
against\nWPA protocol.\");\n\n script_tag(name:\"insight\", value:\"On October 16th, 2017, a research paper with the title of 'Key\nReinstallation Attacks: Forcing Nonce Reuse in WPA2' was made publicly available. This paper discusses seven\nvulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected\nAccess II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a\ngroup key, or an integrity key on either a wireless client or a wireless access point. Additional research also\nled to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless\nsupplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless\nNetwork Management) standard. The three additional vulnerabilities could also allow the reinstallation of a\npairwise key, group key, or integrity group key.\");\n\n script_tag(name:\"impact\", value:\"An attacker within the wireless communications range of an affected AP and\nclient may leverage packet decryption and injection, TCP connection hijacking, HTTP content injection, or the\nreplay of unicast, broadcast, and multicast frames.\");\n\n script_tag(name:\"solution\", value:\"Update to version 12.0.1SR1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif (!model = get_kb_item(\"cisco/ip_phone/model\"))\n exit(0);\n\nif (model =~ \"^CP-8861\") {\n if (!version = get_kb_item(\"cisco/ip_phone/version\"))\n exit(0);\n\n version = eregmatch(pattern: \"sip88xx\\.([0-9SR-]+)\", string: version);\n\n if (!isnull(version[1])) {\n version = ereg_replace(string: version[1], pattern: \"-\", replace: \".\");\n if (version_is_less(version: version, test_version: \"12.0.1SR1\")) {\n report = report_fixed_ver(installed_version: 
version, fixed_version: \"12.0.1SR1\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "naslFamily": "CISCO", "immutableFields": []}
{"openvas": [{"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Cisco IP Phone 8865 is prone to key reinstallation attacks against\nWPA protocol.", "modified": "2018-10-26T00:00:00", "published": "2017-10-25T00:00:00", "id": "OPENVAS:1361412562310140452", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140452", "type": "openvas", "title": "Cisco IP Phone 8865 Multiple WPA2 Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ip_phone_8865_cisco-sa-20171016-wpa.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco IP Phone 8865 Multiple WPA2 Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140452\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-25 10:19:05 +0700 (Wed, 25 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\",\n \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cisco IP Phone 8865 Multiple WPA2 Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CISCO\");\n script_dependencies(\"gb_cisco_ip_phone_detect.nasl\");\n script_mandatory_keys(\"cisco/ip_phone/model\");\n\n script_tag(name:\"summary\", value:\"Cisco IP Phone 8865 is prone to key reinstallation attacks against\nWPA protocol.\");\n\n script_tag(name:\"insight\", value:\"On October 16th, 2017, a research paper with the title of 'Key\nReinstallation Attacks: Forcing Nonce Reuse in WPA2' was made publicly available. 
This paper discusses seven\nvulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected\nAccess II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a\ngroup key, or an integrity key on either a wireless client or a wireless access point. Additional research also\nled to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless\nsupplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless\nNetwork Management) standard. The three additional vulnerabilities could also allow the reinstallation of a\npairwise key, group key, or integrity group key.\");\n\n script_tag(name:\"impact\", value:\"An attacker within the wireless communications range of an affected AP and\nclient may leverage packet decryption and injection, TCP connection hijacking, HTTP content injection, or the\nreplay of unicast, broadcast, and multicast frames.\");\n\n script_tag(name:\"solution\", value:\"Update to version 12.0.1SR1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif (!model = get_kb_item(\"cisco/ip_phone/model\"))\n exit(0);\n\nif (model =~ \"^CP-8865\") {\n if (!version = get_kb_item(\"cisco/ip_phone/version\"))\n exit(0);\n\n version = eregmatch(pattern: \"sip8845_65\\.([0-9SR-]+)\", string: version);\n\n if (!isnull(version[1])) {\n version = ereg_replace(string: version[1], pattern: \"-\", replace: \".\");\n if (version_is_less(version: version, test_version: \"12.0.1SR1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.0.1SR1\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2020-01-27T18:35:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171241", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171241", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2017-1241)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1241\");\n script_version(\"2020-01-23T11:00:31+0000\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:00:31 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:00:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2017-1241)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1241\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1241\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wpa_supplicant' package(s) announced via the EulerOS-SA-2017-1241 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081)\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~5.1.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "The remote host is missing an update for the ", 
"modified": "2019-03-15T00:00:00", "published": "2017-11-23T00:00:00", "id": "OPENVAS:1361412562310873667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873667", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2017-fc21e3856b", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_fc21e3856b_hostapd_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for hostapd FEDORA-2017-fc21e3856b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873667\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:05:54 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\",\n \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for hostapd FEDORA-2017-fc21e3856b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"hostapd on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-fc21e3856b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ACQBCSWVEYIR6CEXGZBHR23QKXANVOS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~2.6~6.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-11-23T00:00:00", "id": "OPENVAS:1361412562310873647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873647", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2017-45044b6b33", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_45044b6b33_hostapd_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for hostapd FEDORA-2017-45044b6b33\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873647\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:03:22 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\",\n \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for hostapd FEDORA-2017-45044b6b33\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"hostapd on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-45044b6b33\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KGBVGEW4JOQZQF62FQJGCXBMT3UCKOG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~2.6~6.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered\nmultiple vulnerabilities in the WPA protocol, used for authentication in\nwireless networks. 
Those vulnerabilities applies to both the access point\n(implemented in hostapd) and the station (implemented in wpa_supplicant).\n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to\nreuse cryptographic session keys, enabling a range of cryptographic attacks\nagainst the ciphers used in WPA1 and WPA2.\n\nMore information can be found in the researchers", "modified": "2019-03-18T00:00:00", "published": "2017-10-16T00:00:00", "id": "OPENVAS:1361412562310703999", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703999", "type": "openvas", "title": "Debian Security Advisory DSA 3999-1 (wpa - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3999.nasl 14275 2019-03-18 14:39:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3999-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703999\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_name(\"Debian Security Advisory DSA 3999-1 (wpa - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-16 00:00:00 +0200 (Mon, 16 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3999.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9|10)\");\n script_tag(name:\"affected\", value:\"wpa on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 2.3-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u1.\n\nFor the testing distribution (buster), these problems have been fixed\nin 
version 2:2.4-1.1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:2.4-1.1.\n\nWe recommend that you upgrade your wpa packages.\");\n script_tag(name:\"summary\", value:\"Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered\nmultiple vulnerabilities in the WPA protocol, used for authentication in\nwireless networks. Those vulnerabilities applies to both the access point\n(implemented in hostapd) and the station (implemented in wpa_supplicant).\n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to\nreuse cryptographic session keys, enabling a range of cryptographic attacks\nagainst the ciphers used in WPA1 and WPA2.\n\nMore information can be found in the researchers's paper, Key Reinstallation Attacks:\nForcing Nonce Reuse in WPA2\n.\n\nCVE-2017-13077:\n\nreinstallation of the pairwise key in the Four-way handshake\n\nCVE-2017-13078:\n\nreinstallation of the group key in the Four-way handshake\n\nCVE-2017-13079:\n\nreinstallation of the integrity group key in the Four-way\nhandshake\n\nCVE-2017-13080:\n\nreinstallation of the group key in the Group Key handshake\n\nCVE-2017-13081:\n\nreinstallation of the integrity group key in the Group Key\nhandshake\n\nCVE-2017-13082:\n\naccepting a retransmitted Fast BSS Transition Reassociation Request\nand reinstalling the pairwise key while processing it\n\nCVE-2017-13086:\n\nreinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey\n(TPK) key in the TDLS handshake\n\nCVE-2017-13087:\n\nreinstallation of the group key (GTK) when processing a\nWireless Network Management (WNM) Sleep Mode Response frame\n\nCVE-2017-13088:\n\nreinstallation of the integrity group key (IGTK) when processing\na Wireless Network Management (WNM) Sleep Mode Response frame\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"hostapd\", ver:\"2.3-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpagui\", ver:\"2.3-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2.3-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"hostapd\", ver:\"2:2.4-1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpagui\", ver:\"2:2.4-1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2:2.4-1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"hostapd\", ver:\"2:2.4-1.1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpagui\", ver:\"2:2.4-1.1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2:2.4-1.1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wpasupplicant-udeb\", ver:\"2:2.4-1.1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-11-23T00:00:00", "id": "OPENVAS:1361412562310873699", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873699", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2017-cfb950d8f4", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_cfb950d8f4_hostapd_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for hostapd FEDORA-2017-cfb950d8f4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873699\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:08:07 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\",\n \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for hostapd FEDORA-2017-cfb950d8f4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n 
package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"hostapd on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-cfb950d8f4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFDEEZO2HIPIZT5H3YWYMNHXMGJ5VWHL\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~2.6~6.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171242", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171242", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2017-1242)", "sourceData": "# Copyright (C) 2020 
Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1242\");\n script_version(\"2020-01-23T11:00:42+0000\");\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:00:42 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:00:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2017-1242)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n 
script_xref(name:\"EulerOS-SA\", value:\"2017-1242\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1242\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wpa_supplicant' package(s) announced via the EulerOS-SA-2017-1242 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13079)\n\nWi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.(CVE-2017-13081)\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == 
\"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~5.1.h8\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-10-18T00:00:00", "id": "OPENVAS:1361412562310851627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851627", "type": "openvas", "title": "openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2017:2755-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851627\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-10-18 16:54:50 +0200 (Wed, 18 Oct 2017)\");\n script_cve_id(\"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\",\n \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_tag(name:\"cvss_base\", value:\"2.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2017:2755-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa_supplicant'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for wpa_supplicant fixes the security issues:\n\n - Several vulnerabilities in standard conforming implementations of the\n WPA2 protocol have been discovered and published under the code name\n KRACK. This update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface properly with both\n vulnerable and patched implementations of WPA2, but an attacker won't be\n able to exploit the KRACK weaknesses in those connections anymore even\n if the other party is still vulnerable. 
[bsc#1056061, CVE-2017-13078,\n CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"wpa_supplicant on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2755-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.2~9.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-debuginfo\", rpm:\"wpa_supplicant-debuginfo~2.2~9.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-debugsource\", rpm:\"wpa_supplicant-debugsource~2.2~9.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-gui\", rpm:\"wpa_supplicant-gui~2.2~9.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-gui-debuginfo\", rpm:\"wpa_supplicant-gui-debuginfo~2.2~9.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n 
if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.2~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-debuginfo\", rpm:\"wpa_supplicant-debuginfo~2.2~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-debugsource\", rpm:\"wpa_supplicant-debugsource~2.2~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-gui\", rpm:\"wpa_supplicant-gui~2.2~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant-gui-debuginfo\", rpm:\"wpa_supplicant-gui-debuginfo~2.2~13.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-10-21T00:00:00", "id": "OPENVAS:1361412562310873515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873515", "type": "openvas", "title": "Fedora Update for wpa_supplicant FEDORA-2017-12e76e8364", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_12e76e8364_wpa_supplicant_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for wpa_supplicant FEDORA-2017-12e76e8364\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it 
and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873515\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-21 09:52:30 +0200 (Sat, 21 Oct 2017)\");\n script_cve_id(\"CVE-2017-13082\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2017-13077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wpa_supplicant FEDORA-2017-12e76e8364\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa_supplicant'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wpa_supplicant on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-12e76e8364\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2O6SYMGH6E5OY5UT6UM342YZWGFEABN3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~3.fc25.1\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-10-21T00:00:00", "id": "OPENVAS:1361412562310873510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873510", "type": "openvas", "title": "Fedora Update for wpa_supplicant FEDORA-2017-60bfb576b7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_60bfb576b7_wpa_supplicant_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for wpa_supplicant FEDORA-2017-60bfb576b7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it 
and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873510\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-21 09:52:00 +0200 (Sat, 21 Oct 2017)\");\n script_cve_id(\"CVE-2017-13082\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\",\n \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2017-13077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wpa_supplicant FEDORA-2017-60bfb576b7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa_supplicant'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wpa_supplicant on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-60bfb576b7\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QU3OES2BGSLFQGSDGNMTUWDQFC3JJ2Q\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~11.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:05:53", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3999-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nOctober 16, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wpa\nCVE ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 \n CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 \n CVE-2017-13088\n\nMathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered\nmultiple vulnerabilities in the WPA protocol, used for authentication in\nwireless networks. 
Those vulnerabilities apply to both the access point\n(implemented in hostapd) and the station (implemented in wpa_supplicant).\n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to\nreuse cryptographic session keys, enabling a range of cryptographic attacks\nagainst the ciphers used in WPA1 and WPA2. \n\nMore information can be found in the researchers' paper, Key Reinstallation\nAttacks: Forcing Nonce Reuse in WPA2.\n\nCVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake\nCVE-2017-13078: reinstallation of the group key in the Four-way handshake\nCVE-2017-13079: reinstallation of the integrity group key in the Four-way\n handshake\nCVE-2017-13080: reinstallation of the group key in the Group Key handshake\nCVE-2017-13081: reinstallation of the integrity group key in the Group Key\n handshake\nCVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation\n Request and reinstalling the pairwise key while processing it\nCVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey\n (TPK) key in the TDLS handshake\nCVE-2017-13087: reinstallation of the group key (GTK) when processing a\n Wireless Network Management (WNM) Sleep Mode Response frame\nCVE-2017-13088: reinstallation of the integrity group key (IGTK) when\n processing a Wireless Network Management (WNM) Sleep Mode\n Response frame\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 2.3-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u1.\n\nFor the testing distribution (buster), these problems have been fixed\nin version 2:2.4-1.1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:2.4-1.1.\n\nWe recommend that you upgrade your wpa packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: 
https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 15, "modified": "2017-10-16T09:21:02", "published": "2017-10-16T09:21:02", "id": "DEBIAN:DSA-3999-1:C5D5F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00261.html", "title": "[SECURITY] [DSA 3999-1] wpa security update", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:44", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Package : wpa\nVersion : 1.0-3+deb7u5\nCVE ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 \n CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 \n CVE-2017-13088\n\nA vulnerability was found in how WPA code can be triggered to\nreconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific\nframe that is used to manage the keys. Such reinstallation of the\nencryption key can result in two different types of vulnerabilities:\ndisabling replay protection and significantly reducing the security of\nencryption to the point of allowing frames to be decrypted or some parts\nof the keys to be determined by an attacker depending on which cipher is\nused.\n\nThose issues are commonly known under the "KRACK" appellation. 
According\nto US-CERT, "the impact of exploiting these vulnerabilities includes\ndecryption, packet replay, TCP connection hijacking, HTTP content\ninjection, and others."\n\nCVE-2017-13077\n\n Reinstallation of the pairwise encryption key (PTK-TK) in the\n 4-way handshake.\n\nCVE-2017-13078\n\n Reinstallation of the group key (GTK) in the 4-way handshake.\n\nCVE-2017-13079\n\n Reinstallation of the integrity group key (IGTK) in the 4-way\n handshake.\n\nCVE-2017-13080\n\n Reinstallation of the group key (GTK) in the group key handshake.\n\nCVE-2017-13081\n\n Reinstallation of the integrity group key (IGTK) in the group key\n handshake.\n\nCVE-2017-13082\n\n Accepting a retransmitted Fast BSS Transition (FT) Reassociation\n Request and reinstalling the pairwise encryption key (PTK-TK)\n while processing it.\n\nCVE-2017-13084\n\n Reinstallation of the STK key in the PeerKey handshake.\n\nCVE-2017-13086\n\n reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey\n (TPK) key in the TDLS handshake.\n\nCVE-2017-13087\n\n reinstallation of the group key (GTK) when processing a Wireless\n Network Management (WNM) Sleep Mode Response frame.\n\nCVE-2017-13088\n\n reinstallation of the integrity group key (IGTK) when processing a\n Wireless Network Management (WNM) Sleep Mode Response frame.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.0-3+deb7u5. 
Note that the latter two vulnerabilities (CVE-2017-13087\nand CVE-2017-13088) were mistakenly marked as fixed in the changelog\nwhereas they simply did not apply to the 1.0 version of the WPA source\ncode, which doesn't implement WNM sleep mode responses.\n\nWe recommend that you upgrade your wpa packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-10-31T14:48:52", "published": "2017-10-31T14:48:52", "id": "DEBIAN:DLA-1150-1:A6833", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201710/msg00029.html", "title": "[SECURITY] [DLA 1150-1] wpa security update", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "nvidia": [{"lastseen": "2021-02-02T20:27:02", "bulletinFamily": "software", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "### Vulnerability Details\n\nThe following section summarizes the vulnerabilities. Descriptions use [CWE\u2122](<https://cwe.mitre.org/>) and risk assessments follow [CVSS](<https://www.first.org/cvss/user-guide>).\n\n#### CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088\n\nL4T ships with a reference root file system based upon the Ubuntu\u00ae Operating System, which is vulnerable to \u201cKRACK\u201d vulnerabilities. For more information about \u201cKRACK,\u201d see the Ubuntu Security Notice at <https://usn.ubuntu.com/usn/usn-3455-1/>.\n\n_NVIDIA\u2019s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. 
NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn't know of any exploits to these issues at this time._\n", "modified": "2018-02-20T09:20:00", "published": "2017-12-20T00:00:00", "id": "NVIDIA:4601", "href": "http://nvidia.custhelp.com/app/answers/detail/a_id/4601", "type": "nvidia", "title": "Security Bulletin: NVIDIA Linux for Tegra (L4T) \u201cKRACK\u201d vulnerabilities", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "[1:2.6-5.1]\n- avoid key reinstallation (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,\n CVE-2017-13087, CVE-2017-13088)", "edition": 6, "modified": "2017-10-17T00:00:00", "published": "2017-10-17T00:00:00", "id": "ELSA-2017-2907", "href": "http://linux.oracle.com/errata/ELSA-2017-2907.html", "title": "wpa_supplicant security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "description": "[1:0.7.3-9.2]\n- Fix backport errors (CVE-2017-13077, CVE-2017-13080)\n[1:0.7.3-9.1]\n- avoid key reinstallation (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082)", "edition": 5, "modified": "2017-10-18T00:00:00", "published": "2017-10-18T00:00:00", "id": "ELSA-2017-2911", "href": "http://linux.oracle.com/errata/ELSA-2017-2911.html", "title": "wpa_supplicant security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": 
"AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T08:52:37", "description": "According to the versions of the wpa_supplicant package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. A\n remote attacker within Wi-Fi range could exploit these\n attacks to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by manipulating cryptographic\n handshakes used by the WPA2 protocol. (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13080, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-11-16T00:00:00", "title": "EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2017-1242)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2017-11-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1242.NASL", "href": "https://www.tenable.com/plugins/nessus/104577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104577);\n script_version(\"3.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2017-1242)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the wpa_supplicant package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. 
A\n remote attacker within Wi-Fi range could exploit these\n attacks to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by manipulating cryptographic\n handshakes used by the WPA2 protocol. (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13080, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1242\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bd673af0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.1.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:50:53", "description": "Mathy Vanhoef of the imec-DistriNet research group of KU Leuven\ndiscovered multiple vulnerabilities 
in the WPA protocol, used for\nauthentication in wireless networks. Those vulnerabilities apply to\nboth the access point (implemented in hostapd) and the station\n(implemented in wpa_supplicant).\n\nAn attacker exploiting the vulnerabilities could force the vulnerable\nsystem to reuse cryptographic session keys, enabling a range of\ncryptographic attacks against the ciphers used in WPA1 and WPA2. \n\nMore information can be found in the researchers' paper, Key\nReinstallation Attacks: Forcing Nonce Reuse in WPA2.\n\n - CVE-2017-13077 :\n reinstallation of the pairwise key in the Four-way\n handshake\n\n - CVE-2017-13078 :\n reinstallation of the group key in the Four-way\n handshake\n\n - CVE-2017-13079 :\n reinstallation of the integrity group key in the\n Four-way handshake\n\n - CVE-2017-13080 :\n reinstallation of the group key in the Group Key\n handshake\n\n - CVE-2017-13081 :\n reinstallation of the integrity group key in the Group\n Key handshake\n\n - CVE-2017-13082 :\n accepting a retransmitted Fast BSS Transition\n Reassociation Request and reinstalling the pairwise key\n while processing it\n\n - CVE-2017-13086 :\n reinstallation of the Tunneled Direct-Link Setup (TDLS)\n PeerKey (TPK) key in the TDLS handshake\n\n - CVE-2017-13087 :\n reinstallation of the group key (GTK) when processing a\n Wireless Network Management (WNM) Sleep Mode Response\n frame\n\n - CVE-2017-13088 :\n reinstallation of the integrity group key (IGTK) when\n processing a Wireless Network Management (WNM) Sleep\n Mode Response frame", "edition": 36, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-10-17T00:00:00", "title": "Debian DSA-3999-1 : wpa - security update (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2017-10-17T00:00:00", "cpe": 
["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:wpa", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3999.NASL", "href": "https://www.tenable.com/plugins/nessus/103859", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3999. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103859);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"DSA\", value:\"3999\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Debian DSA-3999-1 : wpa - security update (KRACK)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mathy Vanhoef of the imec-DistriNet research group of KU Leuven\ndiscovered multiple vulnerabilities in the WPA protocol, used for\nauthentication in wireless networks. Those vulnerabilities apply to\nboth the access point (implemented in hostapd) and the station\n(implemented in wpa_supplicant).\n\nAn attacker exploiting the vulnerabilities could force the vulnerable\nsystem to reuse cryptographic session keys, enabling a range of\ncryptographic attacks against the ciphers used in WPA1 and WPA2. 
\n\nMore information can be found in the researchers's paper, Key\nReinstallation Attacks: Forcing Nonce Reuse in WPA2.\n\n - CVE-2017-13077 :\n reinstallation of the pairwise key in the Four-way\n handshake\n\n - CVE-2017-13078 :\n reinstallation of the group key in the Four-way\n handshake\n\n - CVE-2017-13079 :\n reinstallation of the integrity group key in the\n Four-way handshake\n\n - CVE-2017-13080 :\n reinstallation of the group key in the Group Key\n handshake\n\n - CVE-2017-13081 :\n reinstallation of the integrity group key in the Group\n Key handshake\n\n - CVE-2017-13082 :\n accepting a retransmitted Fast BSS Transition\n Reassociation Request and reinstalling the pairwise key\n while processing it\n\n - CVE-2017-13086 :\n reinstallation of the Tunneled Direct-Link Setup (TDLS)\n PeerKey (TPK) key in the TDLS handshake\n\n - CVE-2017-13087 :\n reinstallation of the group key (GTK) when processing a\n Wireless Network Management (WNM) Sleep Mode Response\n frame\n\n - CVE-2017-13088 :\n reinstallation of the integrity group key (IGTK) when\n processing a Wireless Network Management (WNM) Sleep\n Mode Response frame\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.krackattacks.com/#paper\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2017-13082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3999\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wpa packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 2.3-1+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2:2.4-1+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpa\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"hostapd\", reference:\"2.3-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wpagui\", reference:\"2.3-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wpasupplicant\", reference:\"2.3-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wpasupplicant-udeb\", reference:\"2.3-1+deb8u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"hostapd\", reference:\"2:2.4-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpagui\", reference:\"2:2.4-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpasupplicant\", reference:\"2:2.4-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpasupplicant-udeb\", reference:\"2:2.4-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:52:37", "description": "According to the versions of the wpa_supplicant package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. 
A\n remote attacker within Wi-Fi range could exploit these\n attacks to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by manipulating cryptographic\n handshakes used by the WPA2 protocol. (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13080, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-11-16T00:00:00", "title": "EulerOS 2.0 SP1 : wpa_supplicant (EulerOS-SA-2017-1241)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2017-11-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1241.NASL", "href": "https://www.tenable.com/plugins/nessus/104576", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104576);\n script_version(\"3.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13079\",\n \"CVE-2017-13080\",\n \"CVE-2017-13081\",\n \"CVE-2017-13082\",\n \"CVE-2017-13086\",\n \"CVE-2017-13087\",\n \"CVE-2017-13088\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : wpa_supplicant (EulerOS-SA-2017-1241)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the wpa_supplicant package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A new exploitation technique called key reinstallation\n attacks (KRACK) affecting WPA2 has been discovered. 
A\n remote attacker within Wi-Fi range could exploit these\n attacks to decrypt Wi-Fi traffic or possibly inject\n forged Wi-Fi packets by manipulating cryptographic\n handshakes used by the WPA2 protocol. (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13080, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the four-way\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13079)\n\n - Wi-Fi Protected Access (WPA and WPA2) that supports\n IEEE 802.11w allows reinstallation of the Integrity\n Group Temporal Key (IGTK) during the group key\n handshake, allowing an attacker within radio range to\n spoof frames from access points to\n clients.(CVE-2017-13081)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1241\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef8e7664\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.1.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:26:38", "description": "This update for wpa_supplicant fixes the security issues :\n\n - Several vulnerabilities in standard 
conforming\n implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. This\n update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 41, "cvss3": {"score": 5.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2017-10-18T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2017:2745-1) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "modified": "2017-10-18T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:wpa_supplicant", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource"], "id": "SUSE_SU-2017-2745-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103917", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2745-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103917);\n script_version(\"3.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n 
script_cve_id(\"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2017:2745-1) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wpa_supplicant fixes the security issues :\n\n - Several vulnerabilities in standard conforming\n implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. This\n update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13088/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172745-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3dfbd9fc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1705=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1705=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1705=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1705=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1705=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1705=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1705=1\n\nSUSE Linux 
Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1705=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1705=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wpa_supplicant-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wpa_supplicant-debuginfo-2.2-15.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", 
reference:\"wpa_supplicant-debugsource-2.2-15.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T14:48:30", "description": "This update for wpa_supplicant fixes the following issues :\n\n - Several vulnerabilities in standard conforming\n implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. This\n update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 37, "cvss3": {"score": 5.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2017-10-18T00:00:00", "title": "SUSE SLES11 Security Update : wpa_supplicant (SUSE-SU-2017:2752-1) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "modified": "2017-10-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:wpa_supplicant", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2752-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2752-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103920);\n script_version(\"3.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"SUSE SLES11 Security Update : wpa_supplicant (SUSE-SU-2017:2752-1) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wpa_supplicant fixes the following issues :\n\n - Several vulnerabilities in standard conforming\n implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. 
This\n update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13088/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172752-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58d297a0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-wpa_supplicant-13318=1\n\nSUSE Linux Enterprise 
Server 11-SP3-LTSS:zypper in -t patch\nslessp3-wpa_supplicant-13318=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-wpa_supplicant-13318=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"wpa_supplicant-0.7.1-6.18.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"wpa_supplicant-0.7.1-6.18.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T12:31:14", "description": "This update for wpa_supplicant fixes the security issues :\n\n - Several vulnerabilities in standard conforming\n implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. This\n update remedies those issues in a backwards compatible\n manner, i.e. 
the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 27, "cvss3": {"score": 5.3, "vector": "AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2017-10-23T00:00:00", "title": "openSUSE Security Update : wpa_supplicant (openSUSE-2017-1163) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "modified": "2017-10-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo", "p-cpe:/a:novell:opensuse:wpa_supplicant", "p-cpe:/a:novell:opensuse:wpa_supplicant-gui", "cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource", "p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo"], "id": "OPENSUSE-2017-1163.NASL", "href": "https://www.tenable.com/plugins/nessus/104076", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1163.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104076);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"openSUSE Security 
Update : wpa_supplicant (openSUSE-2017-1163) (KRACK)\");\n script_summary(english:\"Check for the openSUSE-2017-1163 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wpa_supplicant fixes the security issues :\n\n - Several vulnerabilities in standard conforming\n implementations of the WPA2 protocol have been\n discovered and published under the code name KRACK. This\n update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface\n properly with both vulnerable and patched\n implementations of WPA2, but an attacker won't be able\n to exploit the KRACK weaknesses in those connections\n anymore even if the other party is still vulnerable.\n [bsc#1056061, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056061\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wpa_supplicant packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wpa_supplicant-2.2-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wpa_supplicant-debuginfo-2.2-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wpa_supplicant-debugsource-2.2-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", 
reference:\"wpa_supplicant-gui-2.2-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wpa_supplicant-gui-debuginfo-2.2-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"wpa_supplicant-2.2-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"wpa_supplicant-debuginfo-2.2-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"wpa_supplicant-debugsource-2.2-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"wpa_supplicant-gui-2.2-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"wpa_supplicant-gui-debuginfo-2.2-13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant / wpa_supplicant-debuginfo / etc\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:14:56", "description": "Fix for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly 
from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2018-01-15T00:00:00", "title": "Fedora 27 : 1:wpa_supplicant (2017-f45e844a85) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "modified": "2018-01-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-F45E844A85.NASL", "href": "https://www.tenable.com/plugins/nessus/106004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f45e844a85.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106004);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"FEDORA\", value:\"2017-f45e844a85\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 27 : 1:wpa_supplicant (2017-f45e844a85) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT 
handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f45e844a85\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.krackattacks.com/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n 
script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"wpa_supplicant-2.6-11.fc27\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:11:21", "description": "Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 
26, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-10-18T00:00:00", "title": "Fedora 26 : 1:wpa_supplicant (2017-60bfb576b7) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "modified": "2017-10-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-60BFB576B7.NASL", "href": "https://www.tenable.com/plugins/nessus/103896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-60bfb576b7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103896);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"FEDORA\", value:\"2017-60bfb576b7\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 26 : 1:wpa_supplicant (2017-60bfb576b7) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK 
reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-60bfb576b7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.krackattacks.com/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wpa_supplicant-2.6-11.fc26\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:14", "description": "Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a 
new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 26, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-10-18T00:00:00", "title": "Fedora 25 : 1:wpa_supplicant (2017-12e76e8364) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087"], "modified": "2017-10-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-12E76E8364.NASL", "href": "https://www.tenable.com/plugins/nessus/103884", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-12e76e8364.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103884);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", 
\"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"FEDORA\", value:\"2017-12e76e8364\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Fedora 25 : 1:wpa_supplicant (2017-12e76e8364) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix the for the Key Reinstallation Attacks\n==========================================\n\n - hostapd: Avoid key reinstallation in FT handshake\n (CVE-2017-13082)\n\n - Fix PTK rekeying to generate a new ANonce\n\n - Prevent reinstallation of an already in-use group key\n and extend protection of GTK/IGTK reinstallation of\n WNM-Sleep Mode cases (CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088)\n\n - Prevent installation of an all-zero TK\n\n - TDLS: Reject TPK-TK reconfiguration\n\n - WNM: Ignore WNM-Sleep Mode Response without pending\n request\n\n - FT: Do not allow multiple Reassociation Response frames\n\nUpstream advisory:\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-me\nssages.txt\n\nDetails and the paper: https://www.krackattacks.com/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-12e76e8364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.krackattacks.com/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant 
package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"wpa_supplicant-2.6-3.fc25.1\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:11:06", "description": "New wpa_supplicant packages are available for Slackware 14.0, 14.1,\n14.2, and -current to fix security issues.", "edition": 32, "cvss3": {"score": 8.1, "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2017-10-19T00:00:00", "title": "Slackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "modified": "2017-10-19T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.0", "p-cpe:/a:slackware:slackware_linux:wpa_supplicant", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2017-291-02.NASL", "href": "https://www.tenable.com/plugins/nessus/103944", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from 
Slackware Security Advisory 2017-291-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103944);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13084\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\");\n script_xref(name:\"SSA\", value:\"2017-291-02\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : wpa_supplicant (SSA:2017-291-02) (KRACK)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New wpa_supplicant packages are available for Slackware 14.0, 14.1,\n14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.592891\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8d91289\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"x86_64\", 
pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"i586\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"wpa_supplicant\", pkgver:\"2.6\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "ics": [{"lastseen": "2021-02-27T19:51:38", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.8**\n\n * **ATTENTION**: Public exploits are available.\n * **Vendor**: Becton, Dickinson and Company (BD)\n * **Equipment**: Certain BD Pyxis Products\n * **Vulnerability**: Reusing a Nonce\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could allow data traffic manipulation, resulting in partial disclosure of encrypted communication or injection of data.\n\n## 3\\. 
TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of BD Pyxis products, a medication and supply management system, are affected:\n\n * BD Pyxis Anesthesia ES,\n * BD Pyxis Anesthesia System 4000,\n * BD Pyxis Anesthesia System 3500,\n * BD Pyxis MedStation 4000 T2,\n * BD Pyxis MedStation ES,\n * BD Pyxis SupplyStation,\n * BD Pyxis Supply Roller,\n * BD Pyxis ParAssist System,\n * BD Pyxis PARx,\n * BD Pyxis CIISafe \u2013 Workstation,\n * BD Pyxis StockStation System, and\n * BD Pyxis Parx handheld\n\n### 3.2 VULNERABILITY OVERVIEW\n\n### 3.2.1 [REUSING A NONCE, KEY PAIR IN ENCRYPTION CWE-323](<https://cwe.mitre.org/data/definitions/323.html>)\n\nAn industry-wide vulnerability exists in the WPA and WPA2 protocol affected by the Key Reinstallation Attacks known as KRACK. The four-way handshake traffic in the Wi-Fi Protected Access WPA and WPA2 protocol can be manipulated to allow nonce reuse resulting in key reinstallation. This could allow an attacker to execute a \u201cman-in-the-middle\u201d attack, enabling the attacker within radio range to replay, decrypt, or spoof frames.\n\nThe following CVEs have been assigned to this group of vulnerabilities:\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): Reinstallation of the pairwise key during the four-way handshake.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): Reinstallation of the group key during the four-way handshake.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>): Reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): Reinstallation of the group key during the group key handshake.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>): Reinstallation of the IGTK during the group key 
handshake.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>): Reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transition (FT) handshake.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>): Reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>): Reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>): Reinstallation of the IGTK when processing a WNM Sleep Mode Response frame.\n\nA CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n### 3.3 BACKGROUND\n\n * **Critical Infrastructure Sectors:** Healthcare and Public Health\n * **Countries/Areas Deployed:** Worldwide\n * **Company Headquarters Location:** New Jersey\n\n### 3.4 RESEARCHER\n\nMathy Vanhoef of imec-DistriNet, KU Leuven discovered the KRACK vulnerabilities. BD reported to NCCIC that the KRACK vulnerabilities may possibly affect these products.\n\n## 4\\. MITIGATIONS\n\nBD has implemented third-party vendor patches through BD's routine patch deployment process that resolves these vulnerabilities for most devices. Some devices require coordination with BD. BD is in the process of contacting users to schedule and deploy patches. 
There is currently no reported verified instance of the KRACK vulnerability being exploited maliciously against BD devices.\n\nAdditionally, BD recommends the following compensating controls in order to reduce risk associated with this vulnerability:\n\n * Ensure the latest recommended updates for Wi-Fi access points have been implemented in Wi-Fi enabled networks\n * Ensure appropriate physical controls are in place to prevent attackers from being within physical range of an affected Wi-Fi access point and client\n * Ensure data has been backed up and stored according to individual processes and disaster recovery procedures\n\nBD has published a product security bulletin to notify users about this issue and to provide additional mitigation counsel. It can be found at the following location on their web page:\n\n<http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-wpa2-krack-wi-fi-vulnerability>\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from an adjacent network. 
High skill level is needed to exploit.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSMA-18-114-01>); we'd welcome your feedback.\n", "modified": "2018-04-24T00:00:00", "published": "2018-04-24T00:00:00", "id": "ICSMA-18-114-01", "href": "https://www.us-cert.gov/ics/advisories/ICSMA-18-114-01", "type": "ics", "title": "BD Pyxis", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-27T19:50:48", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.8**\n\n * **ATTENTION:** Public exploits are available\n * **Vendor: **Stryker\n * **Equipment: **Secure II MedSurg Bed, S3 MedSurg Bed, and InTouch ICU Bed\n * **Vulnerability: **Reusing a Nonce\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could allow data traffic manipulation, resulting in partial disclosure of encrypted communication or injection of data.\n\n## 3\\. 
TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following Stryker medical products are affected:\n\n * Secure II MedSurg Bed (enabled with iBed Wireless), Model: 3002,\n * S3 MedSurg Bed (enabled with iBed Wireless), Models: 3002 S3, and 3005 S3, and\n * InTouch ICU Bed (enabled with Bed Wireless), Models 2131, and 2141.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n**3.2.1 [REUSING A NONCE, KEY PAIR IN ENCRYPTION CWE-323](<https://cwe.mitre.org/data/definitions/323.html>)**\n\nAn industry-wide vulnerability exists in the WPA and WPA2 protocol affected by the Key Reinstallation Attacks known as KRACK. The four-way handshake traffic in the Wi-Fi Protected Access WPA and WPA2 protocol can be manipulated to allow nonce reuse, resulting in key reinstallation. This could allow an attacker to execute a \u201cman-in-the-middle\u201d attack, enabling the attacker within radio range to replay, decrypt, or spoof frames. \n\nThe following CVEs have been assigned to this group of vulnerabilities: \n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): Reinstallation of the pairwise key during the four-way handshake.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): Reinstallation of the group key during the four-way handshake.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>): Reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): Reinstallation of the group key during the group key handshake.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>): Reinstallation of the IGTK during the group key handshake.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>): Reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transition (FT) 
handshake.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>): Reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>): Reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>): Reinstallation of the IGTK when processing a WNM Sleep Mode Response frame.\n\nA CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Healthcare and Public Health\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **United States\n\n### 3.4 RESEARCHER\n\nMathy Vanhoef of imec-DistriNet, KU Leuven discovered the KRACK vulnerabilities. Stryker reported to NCCIC that the KRACK vulnerabilities may possibly affect these products.\n\n## 4\\. MITIGATIONS\n\nStryker has released software updates for affected products to mitigate the KRACK vulnerabilities. \n\n * Gateway 1.0 - no patch available\n * Gateway 2.0 - upgrade to software version 5212-400-905_3.5.002.01\n * Gateway 3.0 - patch incorporated in current software version 5212-500-905_4.3.001.01\n\nStryker recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\n\n * If determined unnecessary by the user, the iBed wireless functionality may be disabled. \n * Stryker recommends these products operate on a separate VLAN, where possible, to ensure proper network security segmentation. 
\n * As an extra precaution, ensure the latest recommended updates (which includes the KRACK patch) for Wi-Fi access points, have been implemented in Wi-Fi enabled networks.\n\nFor additional questions, users can call 1-800-STRYKER, option 2 for Stryker Medical Technical Support.\n\nNCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nThis vulnerability is exploitable from an adjacent network. 
High skill level is needed to exploit.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSMA-19-029-01>); we'd welcome your feedback.\n", "modified": "2019-01-29T00:00:00", "published": "2019-01-29T00:00:00", "id": "ICSMA-19-029-01", "href": "https://www.us-cert.gov/ics/advisories/ICSMA-19-029-01", "type": "ics", "title": "Stryker Medical Beds", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-27T19:52:02", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "### **CVSS v3 8.1**\n\n**ATTENTION:** Low skill level is needed to exploit. 
Public exploits are available.\n\n**Vendor:** PEPPERL+FUCHS/ecom instruments\n\n**Equipment:** WLAN capable devices using the WPA2 Protocol\n\n**Vulnerabilities:** Reusing a Nonce\n\n## AFFECTED PRODUCTS\n\nPEPPERL+FUCHS/ecom instruments reports that these vulnerabilities affect all versions of the following WLAN capable devices using the WPA2 Protocol:\n\n * Tab-Ex 01,\n * Ex-Handy 09,\n * Ex-Handy 209,\n * Smart-Ex 01,\n * Smart-Ex 201,\n * Pad-Ex 01,\n * i.roc Ci70-Ex,\n * CK70A-ATEX,\n * CK71A-ATEX,\n * CN70A-ATEX, and\n * CN70E-ATEX.\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to operate as a \u201cman-in-the-middle\u201d between the device and the wireless access point.\n\n## MITIGATION\n\nPEPPERL+FUCHS/ecom instruments report the following mitigations:\n\nAndroid\n\n * Affected Products: Tab-Ex 01, Ex-Handy 09, Ex-Handy 209, Smart-Ex 01, Smart-Ex 201\n * ecom instruments is actively working on these vulnerabilities. This advisory will be updated as soon as further significant details are provided by the vendor, with an emphasis on information about available patches.\n\nWindows\n\n * Affected Products: Pad-Ex 01, i.roc Ci70-Ex, CK70A-ATEX, CK71A-ATEX, CN70A-ATEX, CN70E-ATEX\n * For ecom instruments devices running Windows, ecom instruments recommends users apply the security update provided by Microsoft. If users are using WPA-TKIP in their WLAN, users should switch to AES-CCMP immediately.\n\nFor more information CERT@VDE has released a security advisory found at:\n\n<https://cert.vde.com/de-de/advisories/vde-2017-005>\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. 
Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\n## VULNERABILITY OVERVIEW\n\n## [REUSING A NONCE, KEY PAIR IN ENCRYPTION CWE-323](<https://cwe.mitre.org/data/definitions/323.html>)\n\nMultiple products are affected by key reinstallation attacks known as KRACK. The four-way handshake traffic in the Wi-Fi Protected Access WPA and WPA2 protocol can be manipulated to allow nonce reuse resulting in key reinstallation. 
This could allow an attacker to execute a \u201cman-in-the-middle\u201d attack, enabling the attacker within radio range to replay, decrypt, or spoof frames.\n\nThe following CVEs have been assigned to this group of vulnerabilities:\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): Reinstallation of the pairwise key during the four-way handshake.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): Reinstallation of the group key during the four-way handshake.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>): Reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): Reinstallation of the group key during the group key handshake.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>): Reinstallation of the IGTK during the group key handshake.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>): Reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transition (FT) handshake.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>): Reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>): Reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>): Reinstallation of the IGTK when processing a WNM Sleep Mode Response frame.\n\nA CVSS v3 base score of 8.1 has been assigned; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## 
RESEARCHER\n\nMathy Vanhoef of imec-DistriNet, KU Leuven discovered these vulnerabilities. PEPPERL+FUCHS reported to CERT@VDE that their products are affected. CERT@VDE coordinated these vulnerabilities with ICS-CERT.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Communications, Critical Manufacturing, Information Technology\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Germany\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-17-353-02>); we'd welcome your feedback.\n", "modified": "2017-12-19T00:00:00", "published": "2017-12-19T00:00:00", "id": "ICSA-17-353-02", "href": "https://www.us-cert.gov/ics/advisories/ICSA-17-353-02", "type": "ics", "title": "PEPPERL+FUCHS/ecom instruments WLAN Capable Devices using the WPA2 Protocol", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T19:02:31", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "### **CVSS v3 6.8**\n\n**Vendor:** ABB\n\n**Equipment:** TropOS\n\n**Vulnerabilities:** 
Security Features\n\n## AFFECTED PRODUCTS\n\nABB reports that the key reinstallation attacks (KRACK) potentially affect all TropOS broadband mesh routers and bridges operating on Mesh OS release 8.5.2 or prior.\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.\n\n## MITIGATION\n\nABB is working on remedial actions for all affected products.\n\nABB has released an advisory (1KHW02890) on their alerts and notification page:\n\n[http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch](<http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch>)\n\nThis advisory will be updated when firmware, including remedial measures, is available.\n\nThe TropOS mesh wireless interfaces are not vulnerable. Wired client interfaces (Ethernet, Serial) are not vulnerable. An attacker must be in physical proximity of the Wi-Fi access point and connected client to be successful. If the communication across the Wi-Fi link is encrypted at Layer 3 (e.g., SSH, SSL, HTTPS, or SNMPv3 encrypted), privacy is maintained during an otherwise successful attack. If possible, encrypt communication across the Wi-Fi link at Layer 3 using SSH, SSL, HTTPS, or SNMPv3. There is no complete workaround which allows protected Wi-Fi access to the TropOS Mesh.\n\nABB users with a current Complete Software Care or Complete Software + Hardware Care subscription are advised to contact ABB Wireless support on phone +1(408) 331 6800, ext. 4, or email [tropos.support@nam.abb.com](<mailto:tropos.support@nam.abb.com>).\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. 
Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from adjacent networks. 
High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nAn industry-wide vulnerability exists in the WPA2 key management algorithm devices that use IEEE 802.11w, including the TropOS broadband mesh routers listed above. The vulnerability may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.\n\nThe following CVEs have been assigned to this group of vulnerabilities:\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): reinstallation of the pairwise key in the four-way handshake,\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): reinstallation of the group key in the four-way handshake,\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>): reinstallation of the integrity group key in the four-way handshake,\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): reinstallation of the group key in the group key handshake,\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>): reinstallation of the integrity group key in the group key handshake,\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>): accepting a retransmitted fast BSS transition reassociation request and reinstalling the pairwise key while processing it,\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>): reinstallation of the STK key in the PeerKey handshake,\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>): reinstallation of the tunneled direct-link setup (TDLS) PeerKey (TPK) key in the TDLS handshake,\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>): reinstallation of the group key (GTK) when processing a wireless network management (WNM) sleep mode response 
frame, and\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>): reinstallation of the integrity group key (IGTK) when processing a wireless network management (WNM) sleep mode response frame.\n\nA CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered this vulnerability.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Critical Manufacturing, Energy\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Switzerland\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-02", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-318-02", "type": "ics", "title": "ABB TropOS", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-19T08:45:15", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "### **CVSS v3 6.8**\n\n**Vendor:** Siemens\n\n**Equipment:** SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products\n\n**Vulnerabilities:** Security Features\n\n## UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the original advisory titled ICSA-17-318-01 Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products that was published November 14, 2017, on the NCCIC/ICS-CERT web site.\n\n## AFFECTED PRODUCTS\n\n**\\--------- Begin Update A Part 1 of 2 --------**\n\nSiemens reports that the key reinstallation attacks (KRACK) potentially affect the following Siemens industrial products:\n\n * SCALANCE W1750D: All versions,\n * SCALANCE WLC711: All versions,\n * SCALANCE 
WLC712: All versions,\n * SCALANCE W-700 (IEEE 802.11n): All versions prior to V6.2.1,\n * SCALANCE W-700 (IEEE 802.11a/b/g): All versions,\n * SIMATIC IWLAN-PB/LINK: All versions,\n * RUGGEDCOM RX1400 with WLAN interface: All versions,\n * RUGGEDCOM RS9xxW: All versions,\n * SIMATIC Mobile Panel 277(F) IWLAN: All versions,\n * SIMATIC ET200 PRO IM154-6 PN IWLAN: All versions, and\n * SINAMICS V20 Smart Access Module: All versions.\n\n**\\--------- End Update A Part 1 of 2 ----------**\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay, or inject forged network packets into the wireless communication.\n\n## MITIGATION\n\n**\\--------- Begin Update A Part 2 of 2 --------**\n\nSiemens has provided the following update to address the vulnerabilities in the affected product:\n\n * SCALANCE W-700 (IEEE 802.11n): V6.2.1:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752596>\n\n**\\--------- End Update A Part 2 of 2 ----------**\n\nSCALANCE W1750D devices are not vulnerable in the default configuration. Only users who enable the \u201cMesh\u201d or \u201cWiFi uplink\u201d functionality are affected by the vulnerabilities. Disabling these functionalities will completely mitigate the vulnerabilities.\n\nSCALANCE WLC711 and WLC712 can deactivate IEEE 802.11r, \u201cMeshConnect,\u201d and \u201cClient Bridge Mode\u201d to reduce the risk, provided these modes have been activated and are not required for the operation of the wireless environment. 
All three functions are turned off by default.\n\nSCALANCE W-700 standalone Access Points, RUGGEDCOM RX1400 and RS9xxW, are not vulnerable if operated in Access Point mode.\n\nSCALANCE W-700 standalone devices, SIMATIC Mobile Panel 277F IWLAN, and SIMATIC ET200 WLAN, are not affected if the iPCF, iPCF-MC, or iPCF-HT features are enabled.\n\nFor the remaining affected products or if the mitigations outlined previously cannot be implemented, Siemens recommends the following mitigations in the meantime:\n\n * Ensure multiple layers of security. Do not depend on the security of WPA2 alone.\n * Use WPA2-CCMP (AES) instead of WPA2-TKIP or WPA-GCMP, if supported by the WLAN clients, to reduce the risk of potential attacks.\n * Apply defense-in-depth.\n\n<https://www.siemens.com/cert/operational-guidelines-industrial-security>\n\nFor more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-901333 at the following location:\n\n<http://www.siemens.com/cert/en/cert-security-advisories.htm>\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. 
Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from an adjacent network. High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake.\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>) has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the pairwise transient key (PTK) temporal key (TK) during the fast BSS transition (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the station-to-station-link (STSL) transient key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the tunneled direct-link setup (TDLS) peer key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports 802.11v allows reinstallation of the group temporal key (GTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports 802.11v allows reinstallation of the integrity group temporal key (IGTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered these vulnerabilities.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Chemical, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, and Water and Wastewater Systems\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Germany\n", "modified": "2017-12-18T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-01A", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-318-01A", "type": "ics", "title": "Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update A)", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-25T18:53:46", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "### **CVSS v3 6.8**\n\n**Vendor:** Siemens\n\n**Equipment:** SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products\n\n**Vulnerabilities:** Security Features\n\n## UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01A Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products that was published December 5, 2017, on the NCCIC/ICS-CERT web site.\n\n## AFFECTED PRODUCTS\n\n**\\--------- Begin Update B Part 1 of 2 --------**\n\nSiemens reports that the key reinstallation attacks (KRACK) potentially affect the following Siemens industrial products:\n\n * SCALANCE W1750D: All versions,\n * SCALANCE WLC711: All versions,\n * SCALANCE WLC712: All versions,\n * SCALANCE W-700 (IEEE 802.11n): All versions prior 
to V6.2.1,\n * SCALANCE W-700 (IEEE 802.11a/b/g): All versions,\n * SIMATIC IWLAN-PB/LINK: All versions,\n * RUGGEDCOM RX1400 with WLAN interface: All versions prior to V2.11.2,\n * RUGGEDCOM RS9xxW: All versions,\n * SIMATIC Mobile Panel 277(F) IWLAN: All versions,\n * SIMATIC ET200 PRO IM154-6 PN IWLAN: All versions\n * SINAMICS V20 Smart Access Module: All versions, and\n * SIMATIC RF350M: All versions with Summit Client Utility prior to V22.3.5.16\n * SIMATIC RF650M: All versions with Summit Client Utility prior to V22.3.5.16.\n\n**\\--------- End Update B Part 1 of 2 ----------**\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay, or inject forged network packets into the wireless communication.\n\n## MITIGATION\n\n**\\--------- Begin Update B Part 2 of 2 --------**\n\nSiemens has provided the following updates to address the vulnerabilities in the affected products:\n\n * SCALANCE W-700 (IEEE 802.11n): V6.2.1:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752596>\n\n * RUGGEDCOM ROX II for RX1400 with WLAN interface: V2.11.2:\n\nContact the RUGGEDCOM support team at: <https://support.industry.siemens.com/my/WW/en/requests#createRequest>\n\n * SIMATIC RF350M and SIMATIC RF650M: V22.3.5.16 from:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752556>\n\n**\\--------- End Update B Part 2 of 2 ----------**\n\nSCALANCE W1750D devices are not vulnerable in the default configuration. Only users who enable the \u201cMesh\u201d or \u201cWiFi uplink\u201d functionality are affected by the vulnerabilities. Disabling these functionalities will completely mitigate the vulnerabilities.\n\nSCALANCE WLC711 and WLC712 can deactivate IEEE 802.11r, \u201cMeshConnect,\u201d and \u201cClient Bridge Mode\u201d to reduce the risk, provided these modes have been activated and are not required for the operation of the wireless environment. 
All three functions are turned off by default.\n\nSCALANCE W-700 standalone Access Points, RUGGEDCOM RX1400 and RS9xxW, are not vulnerable if operated in Access Point mode.\n\nSCALANCE W-700 standalone devices, SIMATIC Mobile Panel 277F IWLAN, and SIMATIC ET200 WLAN, are not affected if the iPCF, iPCF-MC, or iPCF-HT features are enabled.\n\nFor the remaining affected products or if the mitigations outlined previously cannot be implemented, Siemens recommends the following mitigations in the meantime:\n\n * Ensure multiple layers of security. Do not depend on the security of WPA2 alone.\n * Use WPA2-CCMP (AES) instead of WPA2-TKIP or WPA-GCMP, if supported by the WLAN clients, to reduce the risk of potential attacks.\n * Apply defense-in-depth.\n\n<https://www.siemens.com/cert/operational-guidelines-industrial-security>\n\nFor more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-901333 at the following location:\n\n<http://www.siemens.com/cert/en/cert-security-advisories.htm>\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. 
Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from an adjacent network. High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake.\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>) has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the pairwise transient key (PTK) temporal key (TK) during the fast BSS transition (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the station-to-station-link (STSL) transient key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the tunneled direct-link setup (TDLS) peer key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports 802.11v allows reinstallation of the group temporal key (GTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports 802.11v allows reinstallation of the integrity group temporal key (IGTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered these vulnerabilities.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Chemical, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, and Water and Wastewater Systems\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Germany\n", "modified": "2018-01-25T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-01B", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-318-01B", "type": "ics", "title": "Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update B)", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-25T20:53:31", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "### **CVSS v3 6.8**\n\n**Vendor:** Siemens\n\n**Equipment:** SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products\n\n**Vulnerabilities:** Security Features\n\n## UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01B Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products that was published December 19, 2017, on the NCCIC/ICS-CERT web site.\n\n## AFFECTED PRODUCTS\n\n**\\--------- Begin Update C Part 1 of 2 ----------**\n\nSiemens reports that the key reinstallation attacks (KRACK) potentially affect the following Siemens industrial products:\n\n * SCALANCE W1750D: All versions,\n * SCALANCE WLC711: All versions prior to V9.21.19.003,\n * SCALANCE WLC712: All versions prior to V9.21.19.003,\n * 
SCALANCE W-700 (IEEE 802.11n): All versions prior to V6.2.1,\n * SCALANCE W-700 (IEEE 802.11a/b/g): All versions,\n * SIMATIC IWLAN-PB/LINK: All versions,\n * RUGGEDCOM RX1400 with WLAN interface: All versions prior to V2.11.2,\n * RUGGEDCOM RS9xxW: All versions,\n * SIMATIC Mobile Panel 277(F) IWLAN: All versions,\n * SIMATIC ET200 PRO IM154-6 PN IWLAN: All versions,\n * SINAMICS V20 Smart Access Module: All versions,\n * SIMATIC RF350M: All versions with Summit Client Utility prior to V22.3.5.16, and\n * SIMATIC RF650M: All versions with Summit Client Utility prior to V22.3.5.16.\n\n**\\--------- End Update C Part 1 of 2 ----------**\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay, or inject forged network packets into the wireless communication.\n\n## MITIGATION\n\n**\\--------- Begin Update C Part 2 of 2 --------**\n\nSiemens has provided the following updates to address the vulnerabilities in the affected products:\n\n * SCALANCE W-700 (IEEE 802.11n): Install V6.2.1:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752596>\n\n * RUGGEDCOM ROX II for RX1400 with WLAN interface: Install V2.11.2:\n\nContact the RUGGEDCOM support team at: <https://support.industry.siemens.com/my/WW/en/requests#createRequest>\n\n * SIMATIC RF350M and SIMATIC RF650M: V22.3.5.16 from:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752556>\n\n * SCALANCE WLC711 and SCALANCE WLC712: Install V9.21.19.003:\n\n<https://support.industry.siemens.com/cs/ww/en/view/109755170>\n\n**\\--------- End Update C Part 2 of 2 ----------**\n\nSCALANCE W1750D devices are not vulnerable in the default configuration. Only users who enable the \u201cMesh\u201d or \u201cWiFi uplink\u201d functionality are affected by the vulnerabilities. 
Disabling these functionalities will completely mitigate the vulnerabilities.\n\nSCALANCE WLC711 and WLC712 can deactivate IEEE 802.11r, \u201cMeshConnect,\u201d and \u201cClient Bridge Mode\u201d to reduce the risk, provided these modes have been activated and are not required for the operation of the wireless environment. All three functions are turned off by default.\n\nSCALANCE W-700 standalone Access Points, RUGGEDCOM RX1400 and RS9xxW, are not vulnerable if operated in Access Point mode.\n\nSCALANCE W-700 standalone devices, SIMATIC Mobile Panel 277F IWLAN, and SIMATIC ET200 WLAN, are not affected if the iPCF, iPCF-MC, or iPCF-HT features are enabled.\n\nFor the remaining affected products or if the mitigations outlined previously cannot be implemented, Siemens recommends the following mitigations in the meantime:\n\n * Ensure multiple layers of security. Do not depend on the security of WPA2 alone.\n * Use WPA2-CCMP (AES) instead of WPA2-TKIP or WPA-GCMP, if supported by the WLAN clients, to reduce the risk of potential attacks.\n * Apply defense-in-depth.\n\n<https://www.siemens.com/cert/operational-guidelines-industrial-security>\n\nFor more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisories SSA-901333 and SSA-418456 at the following location:\n\n<http://www.siemens.com/cert/en/cert-security-advisories.htm>\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. 
Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the NCCIC Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the [ICS-CERT web site](<https://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from an adjacent network. High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake.\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>) has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the pairwise transient key (PTK) temporal key (TK) during the fast BSS transition (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the station-to-station-link (STSL) transient key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the tunneled direct-link setup (TDLS) peer key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports 802.11v allows reinstallation of the group temporal key (GTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports 802.11v allows reinstallation of the integrity group temporal key (IGTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered these vulnerabilities.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Chemical, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, and Water and Wastewater Systems\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Germany\n", "modified": "2018-01-25T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-01C", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-17-318-01C", "type": "ics", "title": "Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update C)", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-02-27T19:52:06", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.8**\n * **ATTENTION**: Exploitable remotely/low skill level to exploit/public exploits are available.\n * **Vendor**: Siemens\n * **Equipment**: SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products\n * **Vulnerabilities**: Security Features\n\n## 2\\. UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01 Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update D) that was published April 24, 2018, on the NCCIC/ICS-CERT website.\n\n## 3\\. 
RISK EVALUATION\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01 Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update E) that was published November 13, 2018, on the NCCIC/ICS-CERT website.\n\n## 4\\. TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nSiemens reports that the key reinstallation attacks (KRACK) potentially affect the following Siemens industrial products:\n\n * RUGGEDCOM RS9xxW: All versions\n * RUGGEDCOM RX1400 with WLAN interface: All versions prior to v2.11.2\n * SCALANCE W-700 (IEEE 802.11a/b/g): All versions\n * SCALANCE W-700 (IEEE 802.11n): All versions prior to v6.2.1\n * SCALANCE W1750D: All versions prior to v6.5.1.5-4.3.1.8\n * SCALANCE WLC711: All versions prior to v9.21.19.003\n * SCALANCE WLC712: All versions prior to v9.21.19.003\n * SIMATIC ET200 PRO IM154-6 PN IWLAN: All versions\n * SIMATIC IWLAN-PB/LINK: All versions\n * SIMATIC Mobile Panel 277(F) IWLAN: All versions\n\n**\\--------- Begin Update F Part 1 of 2 ---------**\n\n * SINAMICS v20 Smart Access Module: All versions prior to v01.03.01\n\n**\\--------- End Update F Part 1 of 2 ---------**\n\n * SIMATIC RF350M: All versions with Summit Client Utility prior to v22.3.5.16\n * SIMATIC RF650M: All versions with Summit Client Utility prior to v22.3.5.16\n\n### 4.2 VULNERABILITY OVERVIEW\n\n### 4.2.1 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake.\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.2.2 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.2.3 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>) has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N>)).\n\n### 4.2.4 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the group temporal key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.2.5 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the integrity group temporal key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.2.6 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the pairwise transient key (PTK) temporal key (TK) during the fast BSS transition (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n### 4.2.7 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the station-to-station-link (STSL) transient key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n### 4.2.8 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) allows reinstallation of the tunneled direct-link setup (TDLS) peer key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n### 4.2.9 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11v allows reinstallation of the group temporal key (GTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>) has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.2.10 [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nWi-Fi protected access (WPA and WPA2) that supports IEEE 802.11v allows reinstallation of the integrity group temporal key (IGTK) when processing a wireless network management (WNM) sleep mode response frame, allowing an attacker within radio range to replay frames from access points to clients.\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>) has been assigned to this vulnerability. 
A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is ([AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N>)).\n\n### 4.3 BACKGROUND\n\n * **Critical Infrastructure Sectors: **Chemical, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, and Water and Wastewater Systems\n * **Countries/Areas Deployed: **Worldwide\n * **Company Headquarters Location:** Germany\n\n### 4.4 RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered these vulnerabilities.\n\n## 5\\. MITIGATIONS\n\nSiemens has provided the following updates to address the vulnerabilities in the affected products:\n\n * RUGGEDCOM ROX II for RX1400 with WLAN interface: Install v2.11.2\n\nContact the RUGGEDCOM support team at:\n\n<https://support.industry.siemens.com/my/WW/en/requests#createRequest>\n\n * SCALANCE W-700 (IEEE 802.11n): Install v6.2.1 or newer\n\n<https://support.industry.siemens.com/cs/us/en/ps/21965/dl>\n\n * SCALANCE W1750D: Install v6.5.1.5-4.3.1.8\n\n<https://support.industry.siemens.com/cs/ww/en/view/109756771>\n\n * SCALANCE WLC711 and SCALANCE WLC712: Install v9.21.19.003\n\n<https://support.industry.siemens.com/cs/ww/en/view/109755170>\n\n**\\--------- Begin Update F Part 2 of 2 ---------**\n\n * SINAMICS v20 Smart Access Module: Update to v01.03.01\n\n<https://support.industry.siemens.com/cs/ww/en/view/109765008>\n\n**\\--------- End Update F Part 2 of 2 ---------**\n\n * SIMATIC RF350M and SIMATIC RF650M: update to v22.3.5.16\n\n<https://support.industry.siemens.com/cs/ww/en/view/109752556>\n\nSCALANCE W1750D devices are not vulnerable in the default configuration. Only users who enable the \u201cMesh\u201d or \u201cWiFi uplink\u201d functionality are affected by the vulnerabilities. 
Disabling these functionalities will completely mitigate the vulnerabilities.\n\nSCALANCE WLC711 and WLC712 can deactivate IEEE 802.11r, \u201cMeshConnect,\u201d and \u201cClient Bridge Mode\u201d to reduce the risk, provided these modes have been activated and are not required for the operation of the wireless environment. All three functions are turned off by default.\n\nSCALANCE W-700 standalone Access Points, RUGGEDCOM RX1400 and RS9xxW, are not vulnerable if operated in Access Point mode.\n\nSCALANCE W-700 standalone devices, SIMATIC Mobile Panel 277F IWLAN, and SIMATIC ET200 WLAN, are not affected if the iPCF, iPCF-MC, or iPCF-HT features are enabled.\n\nFor the remaining affected products or if the mitigations outlined previously cannot be implemented, Siemens recommends the following mitigations in the meantime:\n\n * Ensure multiple layers of security. Do not depend on the security of WPA2 alone.\n * Use WPA2-CCMP (AES) instead of WPA2-TKIP or WPA-GCMP, if supported by the WLAN clients, to reduce the risk of potential attacks.\n * Apply defense-in-depth.\n\n<https://www.siemens.com/cert/operational-guidelines-industrial-security>\n\nFor more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisories SSA-901333 and SSA-418456 at the following location:\n\n<http://www.siemens.com/cert/en/cert-security-advisories.htm>\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. 
Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from an adjacent network. High skill level is needed to exploit.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-17-318-01>); we'd welcome your feedback.\n", "modified": "2019-04-09T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-01", "href": "https://www.us-cert.gov/ics/advisories/ICSA-17-318-01", "type": "ics", "title": "Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update F)", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-27T19:52:06", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "### **CVSS v3 6.8**\n\n**Vendor:** ABB\n\n**Equipment:** TropOS\n\n**Vulnerabilities:** Security Features\n\n## UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the original advisory titled ICSA-17-318-02 ABB TropOS that was published November 14, 2017, on the NCCIC/ICS-CERT website.\n\n## AFFECTED PRODUCTS\n\nABB reports that the key reinstallation attacks (KRACK) potentially affect all TropOS broadband mesh routers and bridges operating on Mesh OS release 8.5.2 or prior.\n\n## IMPACT\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.\n\n## MITIGATION\n\n### **\\----------Begin Update A Part 1 of 1 --------**\n\nABB has released Mesh OS version 8.5.3 to address these vulnerabilities.\n\nABB has released an advisory (1KHW02890) on their alerts and notification 
page:\n\n[http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch](<http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch>)\n\n### **\\--------- End Update A Part 1 of 1 ----------**\n\nABB is working on remedial actions for all affected products.\n\nABB has released an advisory (1KHW02890) on their alerts and notification page:\n\n[http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch](<http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW02890&Action=Launch>)\n\nThis advisory will be updated when firmware, including remedial measures, is available.\n\nThe TropOS mesh wireless interfaces are not vulnerable. Wired client interfaces (Ethernet, Serial) are not vulnerable. An attacker must be in physical proximity of the Wi-Fi access point and connected client to be successful. If the communication across the Wi-Fi link is encrypted at Layer 3 (e.g., SSH, SSL, HTTPS, or SNMPv3 encrypted), privacy is maintained during an otherwise successful attack. If possible, encrypt communication across the Wi-Fi link at Layer 3 using SSH, SSL, HTTPS, or SNMPv3. There is no complete workaround which allows protected Wi-Fi access to the TropOS Mesh.\n\nABB users with a current Complete Software Care or Complete Software + Hardware Care subscription are advised to contact ABB Wireless support on phone +1(408) 331 6800, ext. 4, or email [tropos.support@nam.abb.com](<mailto:tropos.support@nam.abb.com>).\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. 
Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nThese vulnerabilities have been publicly disclosed. These vulnerabilities are exploitable from adjacent networks. High skill level is needed to exploit.\n\n## VULNERABILITY OVERVIEW\n\n## [SECURITY FEATURES CWE-254](<https://cwe.mitre.org/data/definitions/254.html>)\n\nAn industry-wide vulnerability exists in the WPA2 key management algorithm devices that use IEEE 802.11w, including the TropOS broadband mesh routers listed above. 
The vulnerability may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network.\n\nThe following CVEs have been assigned to this group of vulnerabilities:\n\n[CVE-2017-13077](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077>): reinstallation of the pairwise key in the four-way handshake,\n\n[CVE-2017-13078](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078>): reinstallation of the group key in the four-way handshake,\n\n[CVE-2017-13079](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079>): reinstallation of the integrity group key in the four-way handshake,\n\n[CVE-2017-13080](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080>): reinstallation of the group key in the group key handshake,\n\n[CVE-2017-13081](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081>): reinstallation of the integrity group key in the group key handshake,\n\n[CVE-2017-13082](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13082>): accepting a retransmitted fast BSS transition reassociation request and reinstalling the pairwise key while processing it,\n\n[CVE-2017-13084](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13084>): reinstallation of the STK key in the PeerKey handshake,\n\n[CVE-2017-13086](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086>): reinstallation of the tunneled direct-link setup (TDLS) PeerKey (TPK) key in the TDLS handshake,\n\n[CVE-2017-13087](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087>): reinstallation of the group key (GTK) when processing a wireless network management (WNM) sleep mode response frame, and\n\n[CVE-2017-13088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088>): reinstallation of the integrity group key (IGTK) when processing a wireless network management (WNM) sleep mode response frame.\n\nA CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is 
([AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N>)).\n\n## RESEARCHER\n\nMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, discovered this vulnerability.\n\n## BACKGROUND\n\n**Critical Infrastructure Sectors:** Critical Manufacturing, Energy\n\n**Countries/Areas Deployed:** Worldwide\n\n**Company Headquarters Location:** Switzerland\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-17-318-02A>); we'd welcome your feedback.\n", "modified": "2018-02-15T00:00:00", "published": "2017-11-14T00:00:00", "id": "ICSA-17-318-02A", "href": "https://www.us-cert.gov/ics/advisories/ICSA-17-318-02A", "type": "ics", "title": "ABB TropOS (Update A)", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-10-18T16:52:57", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "description": "This update for wpa_supplicant fixes the security issues:\n\n - Several vulnerabilities in standard conforming implementations of the\n WPA2 protocol have been discovered and published under the code name\n 
KRACK. This update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface properly with both\n vulnerable and patched implementations of WPA2, but an attacker won't be\n able to exploit the KRACK weaknesses in those connections anymore even\n if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078,\n CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2017-10-18T15:07:12", "published": "2017-10-18T15:07:12", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html", "id": "OPENSUSE-SU-2017:2755-1", "type": "suse", "title": "Security update for wpa_supplicant (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-17T20:11:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "description": "This update for wpa_supplicant fixes the security issues:\n\n - Several vulnerabilities in standard conforming implementations of the\n WPA2 protocol have been discovered and published under the code name\n KRACK. This update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface properly with both\n vulnerable and patched implementations of WPA2, but an attacker won't be\n able to exploit the KRACK weaknesses in those connections anymore even\n if the other party is still vulnerable. 
[bsc#1056061, CVE-2017-13078,\n CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\n", "edition": 1, "modified": "2017-10-17T18:11:19", "published": "2017-10-17T18:11:19", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html", "id": "SUSE-SU-2017:2745-1", "type": "suse", "title": "Security update for wpa_supplicant (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-17T22:11:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13081", "CVE-2017-13087"], "description": "This update for wpa_supplicant fixes the following issues:\n\n - Several vulnerabilities in standard conforming implementations of the\n WPA2 protocol have been discovered and published under the code name\n KRACK. This update remedies those issues in a backwards compatible\n manner, i.e. the updated wpa_supplicant can interface properly with both\n vulnerable and patched implementations of WPA2, but an attacker won't be\n able to exploit the KRACK weaknesses in those connections anymore even\n if the other party is still vulnerable. 
[bsc#1056061, CVE-2017-13078,\n CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087,\n CVE-2017-13088]\n\n", "edition": 1, "modified": "2017-10-17T21:07:43", "published": "2017-10-17T21:07:43", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html", "id": "SUSE-SU-2017:2752-1", "type": "suse", "title": "Security update for wpa_supplicant (important)", "cvss": {"score": 0.0, "vector": "NONE"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "description": "Arch Linux Security Advisory ASA-201710-22\n==========================================\n\nSeverity: High\nDate : 2017-10-16\nCVE-ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080\nCVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088\nPackage : wpa_supplicant\nType : man-in-the-middle\nRemote : Yes\nLink : https://security.archlinux.org/AVG-447\n\nSummary\n=======\n\nThe package wpa_supplicant before version 1:2.6-11 is vulnerable to\nman-in-the-middle.\n\nResolution\n==========\n\nUpgrade to 1:2.6-11.\n\n# pacman -Syu \"wpa_supplicant>=1:2.6-11\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-13077 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\npairwise encryption key (PTK-TK) in the 4-way handshake.\n\n- CVE-2017-13078 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\ngroup key (GTK) in the 4-way handshake.\n\n- CVE-2017-13079 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\nintegrity group key (IGTK) in the 4-way handshake.\n\n- CVE-2017-13080 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of 
the\ngroup key (GTK) in the group key handshake.\n\n- CVE-2017-13081 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\nintegrity group key (IGTK) in the group key handshake.\n\n- CVE-2017-13082 (man-in-the-middle)\n\nA vulnerability has been discovered that allows accepting a\nretransmitted FT Reassociation Request and reinstalling the pairwise\nkey (PTK) while processing it.\n\n- CVE-2017-13087 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\ngroup key (GTK) when processing a Wireless Network Management (WNM)\nSleep Mode Response frame.\n\n- CVE-2017-13088 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\nintegrity group key (IGTK) when processing a Wireless Network\nManagement (WNM) Sleep Mode Response frame.\n\nImpact\n======\n\nA remote attacker within physical proximity to the target WiFi network\nis able to decrypt all data that the victim transmits, inject arbitrary\npackets to hijack TCP connection or replay unicast and 
group-addressed\nframes.\n\nReferences\n==========\n\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://papers.mathyvanhoef.com/ccs2017.pdf\nhttps://www.kb.cert.org/vuls/id/228519\nhttps://www.krackattacks.com/\nhttps://w1.fi/cgit/hostap/commit/?id=53bb18cc8b7a4da72e47e4b3752d0d2135cffb23\nhttps://w1.fi/cgit/hostap/commit/?id=0adc9b28b39d414d5febfff752f6a1576f785c85\nhttps://w1.fi/cgit/hostap/commit/?id=cb5132bb35698cc0c743e34fe0e845dfc4c3e410\nhttps://w1.fi/cgit/hostap/commit/?id=0e3bd7ac684a2289aa613347e2f3ad54ad6a9449\nhttps://w1.fi/cgit/hostap/commit/?id=e760851176c77ae6de19821bb1d5bf3ae2cb5187\nhttps://w1.fi/cgit/hostap/commit/?id=2a9c5217b18be9462a5329626e2f95cc7dd8d4f1\nhttps://w1.fi/cgit/hostap/commit/?id=87e2db16bafcbc60b8d0016175814a73c1e8ed45\nhttps://security.archlinux.org/CVE-2017-13077\nhttps://security.archlinux.org/CVE-2017-13078\nhttps://security.archlinux.org/CVE-2017-13079\nhttps://security.archlinux.org/CVE-2017-13080\nhttps://security.archlinux.org/CVE-2017-13081\nhttps://security.archlinux.org/CVE-2017-13082\nhttps://security.archlinux.org/CVE-2017-13087\nhttps://security.archlinux.org/CVE-2017-13088", "modified": "2017-10-16T00:00:00", "published": "2017-10-16T00:00:00", "id": "ASA-201710-22", "href": "https://security.archlinux.org/ASA-201710-22", "type": "archlinux", "title": "[ASA-201710-22] wpa_supplicant: man-in-the-middle", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "description": "Arch Linux Security Advisory ASA-201710-23\n==========================================\n\nSeverity: High\nDate : 2017-10-16\nCVE-ID : CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080\nCVE-2017-13081 CVE-2017-13082 CVE-2017-13087 CVE-2017-13088\nPackage : hostapd\nType : 
man-in-the-middle\nRemote : Yes\nLink : https://security.archlinux.org/AVG-448\n\nSummary\n=======\n\nThe package hostapd before version 2.6-6 is vulnerable to man-in-the-\nmiddle.\n\nResolution\n==========\n\nUpgrade to 2.6-6.\n\n# pacman -Syu \"hostapd>=2.6-6\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-13077 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\npairwise encryption key (PTK-TK) in the 4-way handshake.\n\n- CVE-2017-13078 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\ngroup key (GTK) in the 4-way handshake.\n\n- CVE-2017-13079 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\nintegrity group key (IGTK) in the 4-way handshake.\n\n- CVE-2017-13080 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\ngroup key (GTK) in the group key handshake.\n\n- CVE-2017-13081 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\nintegrity group key (IGTK) in the group key handshake.\n\n- CVE-2017-13082 (man-in-the-middle)\n\nA vulnerability has been discovered that allows accepting a\nretransmitted FT Reassociation Request and reinstalling the pairwise\nkey (PTK) while processing it.\n\n- CVE-2017-13087 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\ngroup key (GTK) when processing a Wireless Network Management (WNM)\nSleep Mode Response frame.\n\n- CVE-2017-13088 (man-in-the-middle)\n\nA vulnerability has been discovered that allows reinstallation of the\nintegrity group key (IGTK) when processing a Wireless Network\nManagement (WNM) Sleep Mode Response frame.\n\nImpact\n======\n\nA remote attacker within physical proximity to the target WiFi network\nis able to decrypt all data that the victim 
transmits, inject arbitrary\npackets to hijack TCP connection or replay unicast and group-addressed\nframes.\n\nReferences\n==========\n\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://papers.mathyvanhoef.com/ccs2017.pdf\nhttps://www.kb.cert.org/vuls/id/228519\nhttps://www.krackattacks.com/\nhttps://w1.fi/cgit/hostap/commit/?id=53bb18cc8b7a4da72e47e4b3752d0d2135cffb23\nhttps://w1.fi/cgit/hostap/commit/?id=0adc9b28b39d414d5febfff752f6a1576f785c85\nhttps://w1.fi/cgit/hostap/commit/?id=cb5132bb35698cc0c743e34fe0e845dfc4c3e410\nhttps://w1.fi/cgit/hostap/commit/?id=0e3bd7ac684a2289aa613347e2f3ad54ad6a9449\nhttps://w1.fi/cgit/hostap/commit/?id=e760851176c77ae6de19821bb1d5bf3ae2cb5187\nhttps://w1.fi/cgit/hostap/commit/?id=2a9c5217b18be9462a5329626e2f95cc7dd8d4f1\nhttps://w1.fi/cgit/hostap/commit/?id=87e2db16bafcbc60b8d0016175814a73c1e8ed45\nhttps://security.archlinux.org/CVE-2017-13077\nhttps://security.archlinux.org/CVE-2017-13078\nhttps://security.archlinux.org/CVE-2017-13079\nhttps://security.archlinux.org/CVE-2017-13080\nhttps://security.archlinux.org/CVE-2017-13081\nhttps://security.archlinux.org/CVE-2017-13082\nhttps://security.archlinux.org/CVE-2017-13087\nhttps://security.archlinux.org/CVE-2017-13088", "modified": "2017-10-16T00:00:00", "published": "2017-10-16T00:00:00", "id": "ASA-201710-23", "href": "https://security.archlinux.org/ASA-201710-23", "type": "archlinux", "title": "[ASA-201710-23] hostapd: man-in-the-middle", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "description": "wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. 
It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. ", "modified": "2017-10-17T02:21:04", "published": "2017-10-17T02:21:04", "id": "FEDORA:0DD9C604DD0F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: wpa_supplicant-2.6-3.fc25.1", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "description": "wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. ", "modified": "2017-10-16T17:59:17", "published": "2017-10-16T17:59:17", "id": "FEDORA:AA0BE60A8642", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: wpa_supplicant-2.6-11.fc26", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13087", "CVE-2017-13088"], "description": "wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. 
", "modified": "2017-10-17T00:20:50", "published": "2017-10-17T00:20:50", "id": "FEDORA:1714A6074A50", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: wpa_supplicant-2.6-11.fc27", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087"], "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the background and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. ", "modified": "2017-11-15T22:30:40", "published": "2017-11-15T22:30:40", "id": "FEDORA:6384860875B6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: hostapd-2.6-6.fc25", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087"], "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the background and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. 
", "modified": "2017-11-15T20:23:27", "published": "2017-11-15T20:23:27", "id": "FEDORA:6D2216047E58", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: hostapd-2.6-6.fc26", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087"], "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the background and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. ", "modified": "2017-11-15T17:59:04", "published": "2017-11-15T17:59:04", "id": "FEDORA:0CCFB604C905", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: hostapd-2.6-6.fc27", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "huawei": [{"lastseen": "2019-02-01T18:02:15", "bulletinFamily": "software", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "edition": 1, "modified": "2017-11-30T00:00:00", "published": 
"2017-11-17T00:00:00", "id": "HUAWEI-SA-20171117-01-WPA", "href": "https://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-01-wpa-en", "title": "Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products", "type": "huawei", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "myhack58": [{"lastseen": "2017-10-18T13:09:05", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "2017 10 on 16 September, called KRACK vulnerability flaws bug invasion attack method is expressed, for WiFi+WPA2 collect intrusion attack. \nKRACK tension is the application of 802. 11i 4-way handshake vulnerability in the flaws bug to the ultimate completion of the decryption and fabricated encrypted WiFi traffic, the vulnerability flaws of the bug from the imec-DistriNet of Mathy Vanhoef and KU Leuven invention. This vulnerability flaws bug confound a variety of intrusion attack patterns, AP popular terminal, the relay terminal, and the client are affected. \nBased on krackattacks. com and the sector manufacturers announced the network security notification Bulletin comprehensive analysis, contains Linux,Android, Cisco wireless products, OpenBSD, MacOS, Windows, iOS and other product or platform, the impact was widespread. \n360CERT initiatives of the client product users, IoT, router manufacturers as soon as possible to stop the coherent vulnerability flaws bug the evaluation of the query visit. \nReference:tips for translation the key heavy intrusion: forced WPA2 reuse the Nonce. \n0x01 confound the impact \nAffect \nKRACK vulnerability flaws bug the size of widespread, affect large. 
\nKRACK vulnerability flaws bug may be formed WiFi+WPA2 encrypted network traffic may be intrusion the attacker to decrypt or inject vicious thoughts intrusion packet, the CAN will leak contains password, etc., \u9690\u8877 information, but the application HTTPS application layer encryption layer flow is not affected. \n360CERT a comprehensive analysis, this vulnerability flaws bug confound the impact is large, vulnerability flaws bug-grade tensions, no large-scale realistic intrusion case generated, the temporary assessment for a large collection of network security turmoil. \nVulnerability flaws bug information \nCVE-2017-13077: 4-way handshake when the key pair(PTK-TK)overload vulnerability flaws bug \nCVE-2017-13078: 4-way handshake when the GTK overloaded vulnerability flaws bug \nCVE-2017-13079: 4-way handshake when the IGTK overload vulnerability flaws bug \nCVE-2017-13080: group key handshake GTK overloaded vulnerability flaws bug \nCVE-2017-13081: group key handshake when the IGTK overload vulnerability flaws bug \nCVE-2017-13082: take over the FT reconnection pleadingly, the key pair(PTK-TK)overload vulnerability flaws bug \nCVE-2017-13084 rotate: PeerKey handshake when the STK key overload vulnerability flaws bug \nCVE-2017-13086: TDLS handshake when the TDLS,TPK overload vulnerability flaws bug \nCVE-2017-13087: disposal of WNM sleep in the form of the corresponding frame GTK overloaded vulnerability flaws bug \nCVE-2017-13088: disposal of WNM sleep in the form of the corresponding frame IGTK overload vulnerability flaws bug \nImpact version \nNote:the sector information on the origin[reference 3] \nArch Linux \nArista \nAruba \nBroadcom \nCisco \nDD-WRT \nDebian \nExtreme Networks \nFedora \nFreeBSD \nLenovo \nJuniper \nIntel Corporation \nLineageOS \nLXDE \nMarvell \nMeraki \nMicrosoft \nMikroTik \nMojo Networks \nSynology \nTurris ' Omnia \nUbiquiti \nUbuntu \nUniFi \nVMware \nWatchguard Cloud \nWindows 10 \nWPA_supplicant \n0x02 sector skills 
information \nNote:the sector information from the[reference 1]and[reference 4] \n802.11 i the agreement, i.e.: WPA2 agreements via the process in two from the force of the mechanism to package data transmission secrecy. The first one is in the record layer via the process of encryption of the WiFi frame method, the package frustration is plaintext read or sniffing. The encryption mechanism on weekdays is via the process of AES-CCM method, of course, also there is sector to start the GCM form, and another sector of the old RC4-TKIP method. \nThe necessary exertions at the discretion of the AES-CCM(also contains the GCM, TKIP)is a stream cipher, which means that the reuse of the encryption parameters of the key and the nonce(i.e. initialization vector)the environment is able to be the invasion attack. 802.11 i is based on the packet count(packet number, number)method, which is in the session established after the initial value is 0, and will absolutely not incremented\uff08while to 2^48 time, it will trigger the update key to manipulate it. As a result, assuming that the packet Count is not reset environment, it is possible to win preparedness key+nonce reuse invasion attack. \nThe second mechanism is the AP and the client supplicant between the 4-way handshake process, the tensions used to negotiate the encryption key. KRACK vulnerability flaws bugs will be indirectly applied to the 4-way handshake#3 packet#3 packet can be used for the client a new key device application. \n! [](/Article/UploadPic/2017-10/20171018161235834. png? www. myhack58. com) \nKRACK of nervous vulnerability flaws bug is that the #3 package can be vicious thoughts blocked. When this environment is generated, the AP Client will retransmit this news, will lead to strange of a key in the client be re-installed. 
Bring a reaction is will also incur packet count will be reset to 0 for sector clients, such as Android6, the key is reset to 0), The Ultimate, it will trigger the key+nonce reuse invasion attack. The invasion of the attacker to be able to apply it to all traffic decryption, TCP coerce, etc. \nAnything else, otherwise the following 2 types of intrusion attacks: \nContains the customer really based on GTK intrusion attacks; \nFor the AP really 802. 11 RFT handshake invasion attack; \nMore specific tips details can be found 360CERT translation of the key heavy intrusion: forced WPA2 reuse the Nonce. \nQ & A \nNote:the sector information from the[reference 1] \nI need to swap the WiFi password? \nChange WiFi password and does not contribute to the attack and the vulnerability flaws bug you with unnecessary changes. The same, you should Deposit concern that you application client, Android, IoT product can update, the router firmware can update. Of course if you do, then you can take this update down your WiFi password. \nOnly support AES Suite WPA2 is also affected by the vulnerability. the bug affect? \nYes, also subject to. \nMy equipment can also affected? \nIf your equipment Support WiFi+WPA2 adapter(such as mobile phones, laptops, etc.), it can also be affected, please consult the coherent vendors. \nIf my router did not announce the update? \nWhile the invasion of the attacker's application can be for the customers really, what, then router, etc. is also dangerous. Initiative you first contact your vendor to determine next whether there are network security updates, of course, you can also choice to have the network security updates 360 network security router. \nI should temporarily switch to WEP until my gear is updated? \nNo, this is definitely not a good choice. \nThis intrusion seems very difficult? \nJust theory and no then difficult, and even quite popular briefly. Absolutely don't think this intrusion is very difficult. 
\n0x03 network security initiatives \nThe initiative of the user as soon as the evaluation itself, the client,and the device corresponding to the network security update\n", "edition": 1, "modified": "2017-10-18T00:00:00", "published": "2017-10-18T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2017/89609.htm", "id": "MYHACK58:62201789609", "title": "KRACK: WPA2 series of vulnerabilities in the event of early warning-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 5.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "\nwpa_supplicant developers report:\n\nA vulnerability was found in how a number of implementations can be\n\t triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by\n\t replaying a specific frame that is used to manage the keys.\n\n", "edition": 6, "modified": "2017-10-16T00:00:00", "published": "2017-10-16T00:00:00", "id": "D670A953-B2A1-11E7-A633-009C02A2AB30", "href": "https://vuxml.freebsd.org/freebsd/d670a953-b2a1-11e7-a633-009c02a2ab30.html", "title": "WPA packet number reuse with replayed messages and key reinstallation", "type": "freebsd", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2019-05-08T22:21:11", "bulletinFamily": "software", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that 
are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None 
\nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nYou can use F5 products to mitigate the potential damage by such an attack by limiting what information an attacker may obtain. For example, you can use F5 products that implement SSL/TLS offloading, and BIG-IP APM SSL VPN to protect data in transit across WiFi networks. You can use F5 MobileSafe and WebSafe Application-Layer Encryption to protect data before it transits potentially compromised WiFi networks.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-10-18T00:01:00", "published": "2017-10-17T23:37:00", "id": "F5:K23642330", "href": "https://support.f5.com/csp/article/K23642330", "title": "Multiple WPA2 vulnerabilities (KRACK)", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "thn": [{"lastseen": "2018-01-27T10:06:54", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "[](<https://4.bp.blogspot.com/-V8dDL9Kefnc/WeRTm2l5ATI/AAAAAAAAuY0/MEaxpP-Xiogl9mWcFyr4J03EzrG2zxZMwCLcBGAs/s1600/wpa2-krack-wifi-hacking.png>)\n\nDo you think your wireless network is secure because you're using WPA2 encryption? \n \nIf yes, think again! 
\n \nSecurity researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications. \n \nWPA2 is a 13-year-old WiFi authentication scheme widely used to secure WiFi connections, but the standard has been compromised, impacting almost all Wi-Fi devices\u2014including in our homes and businesses, along with the networking companies that build them. \n \nDubbed **KRACK**\u2014**Key Reinstallation Attack**\u2014the proof-of-concept attack demonstrated by a team of researchers works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos. \n \nSince the weaknesses reside in the Wi-Fi standard itself, and not in the implementations or any individual product, any correct implementation of WPA2 is likely affected. \n \nAccording to the researchers, the newly discovered attack works against: \n \n\n\n * Both WPA1 and WPA2,\n * Personal and enterprise networks,\n * Ciphers WPA-TKIP, AES-CCMP, and GCMP\n \nIn short, if your device supports WiFi, it is most likely affected. During their initial research, the researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by the KRACK attacks. \n \nIt should be noted that the KRACK attack does not help attackers recover the targeted WiFi's password; instead, it allows them to decrypt WiFi users' data without cracking or knowing the actual password. \n \nSo merely changing your Wi-Fi network password does not prevent (or mitigate) KRACK attack. 
\n \n\n\n### Here's How the KRACK WPA2 Attack Works (PoC Code):\n\n \n\n\n \nDiscovered by researcher Mathy Vanhoef of imec-DistriNet, KU Leuven, the KRACK attack works by exploiting a 4-way handshake of the WPA2 protocol that's used to establish a key for encrypting traffic. \n \nFor a successful KRACK attack, an attacker needs to trick a victim into re-installing an already-in-use key, which is achieved by manipulating and replaying cryptographic handshake messages. \n\n\n> \"When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value,\" the researcher writes. \n\n> \"Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.\"\n\nThe research [[PDF](<https://papers.mathyvanhoef.com/ccs2017.pdf>)], titled **_Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2_**, has been published by Mathy Vanhoef of KU Leuven and Frank Piessens of imec-DistriNet, Nitesh Saxena and Maliheh Shirvanian of the University of Alabama at Birmingham, Yong Li of Huawei Technologies, and Sven Sch\u00e4ge of Ruhr-Universit\u00e4t Bochum. \n \nThe team has successfully executed the key reinstallation attack against an Android smartphone, showing how an attacker can decrypt all data that the victim transmits over a protected WiFi. You can watch the video demonstration above and download [**proof-of-concept (PoC) **](<https://github.com/vanhoefm/krackattacks-test-ap-ft>)[**code**](<https://github.com/vanhoefm/krackattacks-test-ap-ft>) from Github. \n\n\n> \"Decryption of packets is possible because a key reinstallation attack causes the transmit nonces (sometimes also called packet numbers or initialization vectors) to be reset to zero. 
As a result, the same encryption key is used with nonce values that have already been used in the past,\" the researchers say.\n\nThe researchers say their key reinstallation attack could be exceptionally devastating against Linux and Android 6.0 or higher, because _\"Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info).\"_ \n_ \n_ However, there's no need to panic, as you aren't vulnerable to just anyone on the internet because a successful exploitation of KRACK attack requires an attacker to be within physical proximity to the intended WiFi network. \n \n\n\n### WPA2 Vulnerabilities and their Brief Details \n\n \nThe key management vulnerabilities in the WPA2 protocol discovered by the researchers have been tracked as: \n \n\n\n * **CVE-2017-13077**: Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake.\n * **CVE-2017-13078**: Reinstallation of the group key (GTK) in the four-way handshake.\n * **CVE-2017-13079**: Reinstallation of the integrity group key (IGTK) in the four-way handshake.\n * **CVE-2017-13080**: Reinstallation of the group key (GTK) in the group key handshake.\n * **CVE-2017-13081**: Reinstallation of the integrity group key (IGTK) in the group key handshake.\n * **CVE-2017-13082**: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.\n * **CVE-2017-13084**: Reinstallation of the STK key in the PeerKey handshake.\n * **CVE-2017-13086**: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.\n * **CVE-2017-13087**: reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n * **CVE-2017-13088**: reinstallation of the integrity group key (IGTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n \nThe researchers discovered the vulnerabilities last 
year, but sent out notifications to several vendors on July 14, along with the United States Computer Emergency Readiness Team (US-CERT), who sent out a broad warning to hundreds of vendors on 28 August 2017. \n\n\n> \"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others,\" the US-CERT warned. \"Note that as protocol-level issues, most or all correct implementations of the standard will be affected.\"\n\nIn order to patch these vulnerabilities, you need to wait for the firmware updates from your device vendors. \n \nAccording to researchers, the communication over HTTPS is secure (but may not be 100 percent secure) and cannot be decrypted using the KRACK attack. So, you are advised to use a [secure VPN service](<https://thehackernews.com/2017/05/secure-best-vpn-service.html>)\u2014which encrypts all your Internet traffic whether it\u2019s HTTPS or HTTP. \n \nYou can read more information about these vulnerabilities on the KRACK attack's [dedicated website](<https://www.krackattacks.com/>), and the research paper. \n \nThe team has also [released a script](<https://github.com/vanhoefm/krackattacks-test-ap-ft>) using which you can check whether your WiFi network is vulnerable to the KRACK attack or not. \n \nWe will keep updating the story. 
Stay Tuned!\n", "modified": "2017-10-19T16:43:49", "published": "2017-10-15T23:21:00", "id": "THN:29EC2E0BD61CF15B2E756ECA04EDFF50", "href": "https://thehackernews.com/2017/10/wpa2-krack-wifi-hacking.html", "type": "thn", "title": "KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:05", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded.\n This update includes patches to mitigate the WPA2 protocol issues known\n as \"KRACK\" (Key Reinstallation AttaCK), which may be used to decrypt data,\n hijack TCP connections, and to forge and inject packets. 
This is the\n list of vulnerabilities that are addressed here:\n CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the\n 4-way handshake.\n CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.\n CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way\n handshake.\n CVE-2017-13080: Reinstallation of the group key (GTK) in the group key\n handshake.\n CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group\n key handshake.\n CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)\n Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)\n while processing it.\n CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.\n CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)\n PeerKey (TPK) key in the TDLS handshake.\n CVE-2017-13087: reinstallation of the group key (GTK) when processing a\n Wireless Network Management (WNM) Sleep Mode Response frame.\n CVE-2017-13088: reinstallation of the integrity group key (IGTK) when\n processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n For more information, see:\n https://www.krackattacks.com/\n https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088\n (* Security fix *)\n\nWhere to find the new 
packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nd8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nf25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc5539f40c8510af89be92945f0f80185 
wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz\n\nSlackware x86_64 -current package:\n464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz", "modified": "2017-10-18T19:36:09", "published": "2017-10-18T19:36:09", "id": "SSA-2017-291-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.592891", "type": "slackware", "title": "[slackware-security] wpa_supplicant", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2017-11-11T02:33:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "### Background\n\nwpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN). hostapd is a user space daemon for access point and authentication servers. \n\n### Description\n\nWiFi Protected Access (WPA and WPA2) and its associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nAn attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll hostapd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-wireless/hostapd-2.6-r1\"\n \n\nAll wpa_supplicant users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=net-wireless/wpa_supplicant-2.6-r3\"", "edition": 1, "modified": "2017-11-10T00:00:00", "published": "2017-11-10T00:00:00", "href": "https://security.gentoo.org/glsa/201711-03", "id": "GLSA-201711-03", "title": "hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks", "type": "gentoo", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cisco": [{"lastseen": "2020-12-24T11:41:05", "bulletinFamily": "software", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "A vulnerability in the processing of the 802.11 PeerKey handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force an STSL to reinstall a previously used STK.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between the stations and retransmitting previously used messages exchanges between stations.\n\nA vulnerability in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. 
An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.\n\nA vulnerability in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used integrity group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.\n\nA vulnerability in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used pairwise key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.\n\nA vulnerability in the processing of the 802.11i group key handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. 
An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.\n\nA vulnerability in the processing of the 802.11i group key handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used integrity group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.\n\nA vulnerability in the processing of the 802.11r Fast BSS (Basic Service Set) Transition handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force an authenticator to reinstall a previously used pairwise key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by passively eavesdropping on an FT handshake, and then replaying the reassociation request from the supplicant to the authenticator.\n\nA vulnerability in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames could allow an unauthenticated, adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. 
An attacker could exploit this vulnerability by passively eavesdropping and retransmitting previously used WNM Sleep Mode Response frames.\n\nA vulnerability in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames could allow an unauthenticated, adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used integrity group key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by passively eavesdropping and retransmitting previously used WNM Sleep Mode Response frames.\n\nA vulnerability in the processing of the 802.11z (Extensions to Direct-Link Setup) TDLS handshake messages could allow an unauthenticated, adjacent attacker to force a supplicant that is compliant with the 802.11z standard to reinstall a previously used TPK key.\n\nThe vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by passively eavesdropping on a TDLS handshake and retransmitting previously used message exchanges between supplicant and authenticator.\n\nOn October 16, 2017, a research paper with the title \u201cKey Reinstallation Attacks: Forcing Nonce Reuse in WPA2\u201d was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. 
The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.\n\nAmong these ten vulnerabilities, only one (CVE-2017-13082) may affect components of the wireless infrastructure (for example, Access Points), while the other nine vulnerabilities may affect only client devices.\n\nMultiple Cisco wireless products are affected by these vulnerabilities.\n\nCisco will release software updates that address these vulnerabilities. There are workarounds that address the vulnerabilities in CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, and CVE-2017-13082. There are no workarounds for CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa\"]", "modified": "2018-01-02T17:35:41", "published": "2017-10-16T14:00:00", "id": "CISCO-SA-20171016-WPA", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa", "type": "cisco", "title": "Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II", "cvss": {"score": 4.3, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:16", "bulletinFamily": "bugbounty", "bounty": 25000.0, "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Full background information is at [krackattacks.com](https://www.krackattacks.com) and all detailed information can be found in our [research paper](https://papers.mathyvanhoef.com/ccs2017.pdf).\n\n# Key Reinstallation Attack: 4-way handshake example\n\nWe use the 4-way handshake to illustrate the idea behind 
key reinstallation attacks (CVE-2017-13077).\nNote that in practice, all protected Wi-Fi networks rely on the 4-way handshake to derive a fresh session key (PTK) from some shared secret.\n\n### Step 1. Channel-based man-in-the-middle and initial handshake messages:\n\n* The adversary clones the access point (AP) on a different channel. Say the real AP is on channel 6, and it will be cloned on channel 1.\n* The adversary uses Channel Switch Announcements to force victims into connecting to the cloned AP on channel 1.\n* The adversary forwards the first three messages of the 4-way handshake between the client and AP (i.e. the adversary forwards frames over the different channels).\n* After the client receives message 3 of the handshake, it will install the fresh session key (PTK) for the first time.\n\n### Step 2. Triggering a key reinstallation:\n\n* The attacker does not forward message 4 of the handshake to the AP, effectively blocking it.\n* As a result, the AP will retransmit message 3 to the client.\n* After the client receives message 3, it responds with message 4. In practice all clients encrypt this retransmitted message 4 at the link layer. Note that it's encrypted because message 4 is an ordinary data frame, and the victim has already installed the session key to encrypt data frames (recall end of step 1). The victim will **use a nonce value of 1 to encrypt** message 4.\n* After sending message 4, the client will reinstall the session key. This **resets the transmit nonce** to zero.\n\n### Step 3. 
Abusing nonce reuse:\n\n* When the client now transmits a normal encrypted data frame, it will increment the nonce counter, and then **reuse the nonce value 1 when encrypting the data frame**.\n* We can derive known keystream from the encrypted retransmitted message 4 (recall step 2), and use this to decrypt parts of the just transmitted encrypted data frame.\n* Other predictable packets (ARP, DHCP, HTML, and so on) can be used to obtain additional known plaintext and keystream, which can in turn be used to decrypt more and bigger packets.\n\nThe above example attack against the 4-way handshake is also illustrated in my [CCS'17 presentation](https://papers.mathyvanhoef.com/ccs2017-slides.pdf).\n\n# Other handshakes\n\nOther Wi-Fi handshakes or features that were found to be vulnerable to key reinstallation attacks are:\n- Reinstallation of group keys in the 4-way handshake: CVE-2017-13078 and CVE-2017-13079\n- The group key handshake: CVE-2017-13080 and CVE-2017-13081\n- The Fast BSS Transition (FT) handshake: CVE-2017-13082\n- The PeerKey handshake: CVE-2017-13084\n- The Tunneled Direct-Link Setup (TDLS) handshake: CVE-2017-13086\n- Handling of Wireless Network Management (WNM) Sleep Mode Response frame: CVE-2017-13087 and CVE-2017-13088.\n\n# Countermeasures\n\nImplementations can be updated to prevent key reinstallation attacks in a backwards-compatible manner.\n\nAs an additional mitigation, an access point can also prevent most attacks against vulnerable clients.\nIn particular, attacks against the 4-way handshake can be prevented by not retransmitting message 3.\nSimilarly, attacks against the group key handshake can be prevented by not retransmitting message 1 of the group key handshake. 
Alternatively, the access point can retransmit these two handshake messages using the previously used EAPOL-Key replay counter.\n\n# Additional Contributions\n\n- We helped with writing several [patches for hostap](https://w1.fi/security/2017-1/), which is used in Linux, Android, and several professional APs.\n- We wrote most parts of the [patch to OpenBSD](https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/027_net80211_replay.patch.sig).\n- We created vulnerability test tools to detect if devices are vulnerable. [The Wi-Fi Alliance](https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update) is using these to [test if new products are affected](https://www.wi-fi.org/security-update-october-2017) or not. These test tools will be released publicly once they are stable enough.", "modified": "2017-11-03T00:37:55", "published": "2017-11-02T22:08:43", "id": "H1:286740", "href": "https://hackerone.com/reports/286740", "type": "hackerone", "title": "The Internet: Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "hp": [{"lastseen": "2020-10-13T01:02:16", "bulletinFamily": "software", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13081", "CVE-2017-13077"], "description": "## Potential Security Impact\nKRACK Attacks \n\n## VULNERABILITY SUMMARY\nOn October 16, security researchers publicly announced vulnerabilities in the WiFi WPA2 standard. See the References section below for links to additional resources describing the KRACK Attacks WPA2 potential vulnerabilities in detail.\n\nThe HP printing devices and networking accessories listed below are susceptible to the applicable vulnerabilities (CVE) noted in the References section below. 
However, the vulnerabilities described in the CVEs can be mitigated for each of these devices and accessories as set forth in the Workarounds section below.\n\n * HP LaserJet Enterprise printers and multifunction printers\n\n * HP LaserJet Managed printers and multifunction printers\n\n * HP LaserJet Pro printers and multifunction printers\n\n * HP PageWide Enterprise printers and multifunction printers\n\n * HP PageWide Pro printers and multifunction printers\n\n * HP OfficeJet Enterprise series printers and multifunction printers\n\n * HP OfficeJet Pro printers and multifunction printers\n\n * HP Inkjet (DeskJet, Envy, PhotoSmart) printers and multifunction printers\n\n * HP DesignJet large format printers\n\n * HP JetDirect wireless print server accessories\n\n## RESOLUTION\nCustomers may mitigate risk for the identified vulnerabilities through one of the methods listed below. Devices vary in configuration procedures, so please refer to the product user guide for specific instructions.\n\n * Do not use unpatched clients to connect to the print device Wi-Fi Direct network. Wi-Fi Direct implementation is not impacted, but unpatched mobile devices could be subject to attack when connecting to Wi-Fi Direct\n\n * Configure the wireless access point or printer to only allow WPA2-AES/CCMP mode, thus disabling WPA-TKIP\n\n * Use only TLS enabled protocols to communicate with the printer\n\n * Turning off printer Wi-Fi and using Ethernet or USB\n\n**What can you do?**\n\nSubscribe to HP real-time security information: All HP products use a common centralized Security Bulletin process managed by HP\u00b4s Product Security Response Team (PSRT). Subscribe to HP Security Bulletins by following these steps:\n\n 1. Go to <http://www.hp.com/go/support>. \n\n 2. Click **Get software and drivers**. \n\n 3. Find your product.\n\n 4. Scroll to the bottom of the page and under **Other support resources**, click **Sign up for driver, support & security alerts**. \n\n 5. 
Follow the onscreen prompts to sign up for alerts.\n", "edition": 2, "modified": "2018-01-09T00:00:00", "published": "2018-01-09T00:00:00", "id": "HP:C05872536", "href": "https://support.hp.com/us-en/document/c05872536", "title": "HP Printing Security Advisory - KRACK Attacks Potential Vulnerabilities", "type": "hp", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T13:21:46", "bulletinFamily": "software", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13081", "CVE-2017-13077"], "description": "## Potential Security Impact\nRemote disclosure of information.\n\n**Source:** Mathy Vanhoef of imec-DistriNet, KU Leuven \n\n## VULNERABILITY SUMMARY\nA potential security vulnerability has been identified with certain HP Printers and MFPs, and HP JetDirect Networking accessories using WPA or WPA2. This vulnerability, known as Key Reinstallation Attacks or \u201cKRACK attacks\u201d, could potentially be exploited remotely to allow disclosure of information.\n\n## RESOLUTION\nHP has provided firmware updates for potentially impacted printers for the products listed in the table below. \n\nTo obtain the updated firmware, go to the HP Software site and search for your printer model. \n\n> note:\n> \n> Some FutureSmart printers have multiple firmware platforms\u2014FutureSmart 3 (FS3) and FutureSmart 4 (FS4). Select the appropriate firmware version for the required FutureSmart platform.\n\n> note:\n> \n> For firmware marked with *, please [contact HP](<https://support.hp.com/contact-hp>) support to obtain the firmware update. 
\n\nProduct Name\n\n| \n\nModel Number\n\n| \n\nFirmware Revision \n \n---|---|--- \n \nHP LaserJet Enterprise M506 (4-line display)\n\n| \n\nF2A68A, F2A69A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nHP LaserJet Enterprise M506 (4-line display)\n\n| \n\nF2A66A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nHP LaserJet Enterprise M506\n\n| \n\nF2A70A, F2A71A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nFS4: 2405135_000396 (or higher)* \n \nHP LaserJet Managed M506\n\n| \n\nF2A67A\n\n| \n\nFS3: 2308937_578489 (or higher) \n \nFS4: 2405135_000396 (or higher)* \n \nHP Color LaserJet Enterprise M551\n\n| \n\nCF081A, CF082A,CF083A\n\n| \n\nFS3: 2308937_578506 (or higher) \n \nHP Color LaserJet Enterprise M552\n\n| \n\nB5L23A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nHP Color LaserJet Enterprise M553 (4-line display)\n\n| \n\nB5L24A, B5L25A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nHP Color LaserJet Managed M553 series (4-line display)\n\n| \n\nB5L38A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nHP Color LaserJet Enterprise M553\n\n| \n\nB5L26A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nFS4: 2405135_000400 (or higher)* \n \nHP Color LaserJet Enterprise M553\n\n| \n\nB5L39A\n\n| \n\nFS3: 2308937_578487 (or higher) \n \nFS4: 2405135_000400 (or higher)* \n \nHP OfficeJet Enterprise Color X555\n\n| \n\nC2S11A, C2S11V, C2S12A, C2S12V, L1H45A\n\n| \n\nFS3: 2308937_578482 (or higher) \n \nFS4: 2405135_000398 (or higher) \n \nHP PageWide Enterprise Color 556\n\n| \n\nG1W46A, G1W46V, G1W47A, G1W47V, L3U44A\n\n| \n\nFS3: 2308937_578491 (or higher) \n \nFS4: 2405135_000394 (or higher) \n \nHP PageWide Managed Color E55650 series\n\n| \n\nL3U44A\n\n| \n\nFS3: 2308937_578491 (or higher) \n \nFS4: 2405135_000394 (or higher) \n \nHP LaserJet Enterprise M601\n\n| \n\nCE989A, CE990A\n\n| \n\nFS3: 2308937_578503 (or higher) \n \nHP LaserJet Enterprise M602 \n\n| \n\nCE991A, CE992A, CE993A\n\n| \n\nFS3: 2308937_578503 (or higher) \n \nHP LaserJet Enterprise M603 \n\n| 
\n\nCE994A, CE995A, CE996A\n\n| \n\nFS3: 2308937_578503 (or higher) \n \nHP LaserJet Enterprise M604 \n\n| \n\nE6B67A, E6B68A \n\n| \n\nFS3: 2308937_578490 (or higher) \n \nHP LaserJet Enterprise M605 (4-line display)\n\n| \n\nE6B69A, E6B70A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nHP LaserJet Enterprise M605 \n\n| \n\nE6B71A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nFS4: 2405135_000395 (or higher)* \n \nHP LaserJet Enterprise M606 (4-line display)\n\n| \n\nE6B72A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nHP LaserJet Enterprise M606 \n\n| \n\nE6B73A\n\n| \n\nFS3: 2308937_578490 (or higher) \n \nFS4: 2405135_000395 (or higher)* \n \nHP LaserJet Enterprise M607 \n\n| \n\nK0Q14A, K0Q15A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Enterprise M608 \n\n| \n\nK0Q17A, K0Q18A, M0P32A, K0Q19A \n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Enterprise M609\n\n| \n\nK0Q20A, K0Q21A, K0Q22A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Managed E60055 \n\n| \n\nM0P33A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Managed E60065 \n\n| \n\nM0P35A, M0P36A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP LaserJet Managed E60075 \n\n| \n\nM0P39A, M0P40A\n\n| \n\nFS4: 2405135_000377 (or higher) \n \nHP Color LaserJet Enterprise M651\n\n| \n\nCZ255A, CZ256A, CZ257A, CZ258A\n\n| \n\nFS3: 2308937_578497 (or higher) \n \nHP Color LaserJet Managed M651 series\n\n| \n\nH0DC9A, L8Z07A\n\n| \n\nFS3: 2308937_578497 (or higher) \n \nFS4: 2405135_000389 (or higher) \n \nHP Color LaserJet Enterprise M652\n\n| \n\nJ7Z98A, J7Z99A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP Color LaserJet Enterprise M653\n\n| \n\nJ8A04A, J8A05A, J8A06A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP Color LaserJet Managed E65050\n\n| \n\nL3U55A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP Color LaserJet Managed E65060\n\n| \n\nL3U56A, L3U57A\n\n| \n\nFS4: 2405135_000378 (or higher) \n \nHP LaserJet Enterprise M712\n\n| \n\nCF235A, CF236A, 
CF238A\n\n| \n\nFS3: 2308937_578504 (or higher) \n \nHP Color LaserJet Enterprise M750\n\n| \n\nD3L08A, D3L09A, D3L10A\n\n| \n\nFS3: 2308937_578501 (or higher) \n \nHP PageWide Enterprise Color 765\n\n| \n\nJ7Z04A\n\n| \n\nFS4: 2405347_024812 (or higher) \n \nHP PageWide Managed Color E75160\n\n| \n\nJ7Z06A\n\n| \n\nFS4: 2405347_024812 (or higher) \n \nHP LaserJet Enterprise M806 \n\n| \n\nCZ244A, CZ245A\n\n| \n\nFS3: 2308937_578500 (or higher) \n \nFS4: 2405135_000404 (or higher) \n \nHP Color LaserJet Enterprise M855\n\n| \n\nA2W77A, A2W78A, A2W79A, D7P73A\n\n| \n\nFS3: 2308937_578499 (or higher)) \n \nFS4: 2405135_000399 (or higher) \n \nHP LaserJet Enterprise MFP M525\n\n| \n\nCF116A, CF117A\n\n| \n\nFS3: 2308937_578493 (or higher) \n \nFS4: 2405135_000390 (or higher) \n \nHP LaserJet Enterprise flow MFP M525\n\n| \n\nCF118A\n\n| \n\nFS3: 2308937_578493 (or higher) \n \nFS4: 2405135_000390 (or higher) \n \nHP LaserJet Managed MFP M525 series\n\n| \n\nL3U59A , L3U60A\n\n| \n\nFS3: 2308937_578493 (or higher) \n \nFS4: 2405135_000390 (or higher) \n \nHP LaserJet Enterprise MFP M527\n\n| \n\nF2A76A, F2A77A, F2A81A\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Flow MFP M527\n\n| \n\nF2A78V\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Managed MFP M527\n\n| \n\nF2A79A\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Managed Flow MFP M527\n\n| \n\nF2A80A\n\n| \n\nFS3: 2308937_578485 (or higher) \n \nFS4: 2405135_000384 (or higher) \n \nHP LaserJet Enterprise Color MFP M575\n\n| \n\nCD644A, CD645A\n\n| \n\nFS3: 2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP Color LaserJet 500 Color Flow MFP M575 series\n\n| \n\nCD646A\n\n| \n\nFS3: 2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP LaserJet Enterprise Managed MFP M575\n\n| \n\nL3U46A\n\n| \n\nFS3: 
2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP Color LaserJet Managed Flow MFP M575 series\n\n| \n\nL3U45A\n\n| \n\nFS3: 2308937_578502 (or higher) \n \nFS4: 2405135_000409 (or higher) \n \nHP Color LaserJet Enterprise MFP M577\n\n| \n\nB5L46A, B5L47A\n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M577\n\n| \n\nB5L48A, B5L54A \n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP Color LaserJet Managed MFP M577 series\n\n| \n\nB5L49A\n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP Color LaserJet Managed Flow MFP M577 series\n\n| \n\nB5L50A\n\n| \n\nFS3: 2308937_578488 (or higher) \n \nFS4: 2405135_000385 (or higher) \n \nHP OfficeJet Enterprise Color MFP X585\n\n| \n\nB5L04A, B5L05A\n\n| \n\nFS3: 2308937_578483 (or higher) \n \nFS4: 2405135_000392 (or higher) \n \nHP OfficeJet Enterprise Color Flow MFP X585\n\n| \n\nB5L06A, B5L07A\n\n| \n\nFS3: 2308937_578483 (or higher) \n \nFS4: 2405135_000392 (or higher) \n \nHP OfficeJet Managed Color MFP X585\n\n| \n\nL3U40A, L3U41A\n\n| \n\nFS3: 2308937_578483 (or higher) \n \nFS4: 2405135_000392 (or higher) \n \nHP PageWide Enterprise Color MFP 586\n\n| \n\nG1W39A, G1W39V, G1W40A, G1W40V\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP PageWide Enterprise Color Flow MFP 586\n\n| \n\nG1W41A, G1W41V\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP PageWide Managed Color MFP E58650 series\n\n| \n\nL3U42A\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP PageWide Managed Color MFP Flow E58650 series\n\n| \n\nL3U43A\n\n| \n\nFS3: 2308937_578492 (or higher) \n \nFS4: 2405135_000393 (or higher) \n \nHP LaserJet Enterprise MFP M630\n\n| \n\nB3G85A, J7X28A, B3G84A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet 
Enterprise Flow MFP M630\n\n| \n\nP7Z47A, B3G86A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet Managed MFP M630\n\n| \n\nL3U61A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet Managed Flow MFP M630\n\n| \n\nL3U62A, P7Z48A\n\n| \n\nFS3: 2308937_578479 (or higher) \n \nFS4: 2405135_000387 (or higher) \n \nHP LaserJet Enterprise MFP M631\n\n| \n\nJ8J64A, J8J63A, J8J65A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Enterprise MFP M632\n\n| \n\nJ8J70A, J8J71A, J8J72A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Enterprise MFP M633\n\n| \n\nJ8J76A, J8J78A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed MFP E62555dn\n\n| \n\nJ8J66A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed Flow MFP E62555dn\n\n| \n\nJ8J67A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed MFP E62565hs\n\n| \n\nJ8J73A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed Flow MFP E62565h, z\n\n| \n\nJ8J74A, J8J79A \n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP LaserJet Managed Flow MFP E62575z\n\n| \n\nJ8J80A\n\n| \n\nFS4: 2405135_000386 (or higher) \n \nHP Color LaserJet Enterprise MFP M680\n\n| \n\nCZ248A, CZ249A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M680\n\n| \n\nCZ250A, CA251A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Managed MFP M680\n\n| \n\nL3U47A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Managed Flow MFP M680\n\n| \n\nL3U48A\n\n| \n\nFS3: 2308937_578496 (or higher) \n \nFS4: 2405135_000388 (or higher) \n \nHP Color LaserJet Enterprise MFP M681\n\n| \n\nJ8A10A, J8A11A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M681f\n\n| \n\nJ8A12A, J8A13A\n\n| \n\nFS4: 2405135_000382 (or 
higher) \n \nHP Color LaserJet Enterprise Flow MFP M682\n\n| \n\nJ8A17A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Enterprise MFP M682\n\n| \n\nJ8A16A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed Flow MFP E67550\n\n| \n\nL3U67A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed Flow MFP E67560\n\n| \n\nL3U70A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed MFP E67550d\n\n| \n\nL3U66A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP Color LaserJet Managed MFP E67560d\n\n| \n\nL3U69A\n\n| \n\nFS4: 2405135_000382 (or higher) \n \nHP LaserJet Enterprise MFP M725\n\n| \n\nCF066A, CF067A, CF068A, CF069A\n\n| \n\nFS3: 2308937_578498 (or higher) \n \nFS4: 2405135_000401 (or higher) \n \nHP LaserJet Managed MFP 725 series\n\n| \n\nL3U63A, L3U64A\n\n| \n\nFS3: 2308937_578498 (or higher) \n \nFS4: 2405135_000401 (or higher) \n \nHP LaserJet Enterprise 700 color MFP M775 series\n\n| \n\nCC522A, CC523A, CC524A\n\n| \n\nFS3: 2308937_578505 (or higher) \n \nFS4: 2405135_000405 (or higher) \n \nHP Color LaserJet Managed MFP M775 series\n\n| \n\nL3U49A, L3U50A\n\n| \n\nFS3: 2308937_578505 (or higher) \n \nFS4: 2405135_000405 (or higher) \n \nHP PageWide Enterprise Color MFP 780\n\n| \n\nJ7Z10A, J7Z09A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Enterprise Color MFP 785\n\n| \n\nJ7Z11A, J7Z12A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color MFP E77650\n\n| \n\nJ7Z05A, J7Z08A, J7A13A, J7Z14A, Z5G79A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color Flow MFP E77650\n\n| \n\nJ7Z08A, J7Z14A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color Flow MFP E77660\n\n| \n\nZ5G77A, J7Z03A, J7Z07A, J7Z05A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP PageWide Managed Color MFP E77650\n\n| \n\nJ7Z13A, Z5G79A\n\n| \n\nFS4: 2405347_024813 (or higher) \n \nHP LaserJet Enterprise Flow MFP M830z\n\n| \n\nCF367A, D7P68A\n\n| 
\n\nFS3: 2308937_578495 (or higher) \n \nFS4: 2405135_000402 (or higher) \n \nHP LaserJet Managed Flow MFP M830 series\n\n| \n\nL3U65A\n\n| \n\nFS3: 2308937_578495 (or higher) \n \nFS4: 2405135_000402 (or higher) \n \nHP Color LaserJet Enterprise Flow MFP M880\n\n| \n\nA2W76A, A2W75A, D7P70A, D7P71A, D7P68A\n\n| \n\nFS3: 2308937_578494 (or higher) \n \nFS4: 2405135_000397 (or higher) \n \nHP Color LaserJet Managed MFP M880 series\n\n| \n\nL3U51A, L3U52A, L3U65A\n\n| \n\nFS3: 2308937_578494 (or higher) \n \nFS4: 2405135_000397 (or higher) \n \nHP LaserJet Managed MFP E82540 series\n\n| \n\nX3A69A, X3A68A, Z8Z19A, Z8Z18A\n\n| \n\nFS4: 2405347_024815 (or higher) \n \nHP LaserJet Managed MFP E82550\n\n| \n\nX3A72A, X3A71A, Z8Z21A, Z8Z20A\n\n| \n\nFS4: 2405347_024815 (or higher) \n \nHP LaserJet Managed MFP E82560\n\n| \n\nX3A79A, Z8Z23A, Z8Z22A, X3A75A, X3A74A\n\n| \n\nFS4: 2405347_024815 (or higher) \n \nHP LaserJet Managed MFP E72525\n\n| \n\nX3A59A, X3A60A, Z8Z06A, Z8Z07A\n\n| \n\nFS4: 2405347_024821 (or higher) \n \nHP LaserJet Managed MFP E72530\n\n| \n\nX3A62A, X3A63, Z8Z09A, Z8Z08A\n\n| \n\nFS4: 2405347_024821 (or higher) \n \nHP LaserJet Managed MFP E72535\n\n| \n\nX3A65, X3A66A, Z8Z11A, Z8Z10A\n\n| \n\nFS4: 2405347_024821 (or higher) \n \nHP Color LaserJet Managed MFP E87640\n\n| \n\nX3A87A, X3A86A, Z8Z12A, Z8Z13A\n\n| \n\nFS4: 2405347_024814 (or higher) \n \nHP Color LaserJet Managed MFP E87650\n\n| \n\nX3A90A, X3A89A, Z8Z14A, Z8Z15A\n\n| \n\nFS4: 2405347_024814 (or higher) \n \nHP Color LaserJet Managed MFP E87660\n\n| \n\nX3A92A, X3A93A, Z8Z16A, Z8Z17A\n\n| \n\nFS4: 2405347_024814 (or higher) \n \nHP Color LaserJet Managed MFP E77822\n\n| \n\nX3A78A, X3A77A, Z8Z00A, Z8Z01A\n\n| \n\nFS4: 2405347_024820 (or higher) \n \nHP Color LaserJet Managed MFP E77825\n\n| \n\nX3A81A, X3A80A, Z8Z02A, Z8Z03A\n\n| \n\nFS4: 2405347_024820 (or higher) \n \nHP Color LaserJet Managed MFP E77830\n\n| \n\nX3A84A, X3A83A, Z8Z05A, Z8Z04A\n\n| \n\nFS4: 2405347_024820 (or higher) \n 
\nHP Digital Sender Flow 8500 fn1 Document Capture Workstation\n\n| \n\nL2717A\n\n| \n\nFS3: 2308937_578486 (or higher) \n \nHP Digital Sender Flow 8500 fn2 Document Capture Workstation\n\n| \n\nL2762A\n\n| \n\nFS4: 2405135_000408 (or higher) \n \nHP JetDirect 3000w\n\n| \n\nJ8030A\n\n| \n\nLocate firmware for print product \n \nHP JetDirect 2900nw\n\n| \n\nJ8031A\n\n| \n\nLocate firmware for print product \n \nHP DesignJet T730 36-in Printer\n\n| \n\nF9A29A, F9A29B\n\n| \n\n1840A (or higher) \n \nHP DesignJet T730 with Rugged Case\n\n| \n\nT5D66A\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 36-in Multifunction Printer\n\n| \n\nF9A30A, F9A30B\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 MFP with Rugged Case \n\n| \n\nT5D67A\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 MFP with armor case\n\n| \n\n1JL02A\n\n| \n\n1840A (or higher) \n \nHP DesignJet T830 24-in MFP Printer\n\n| \n\nF9A28A, F9A28B\n\n| \n\n1840A (or higher) \n \nHP DesignJet T120 24-in Printer\n\n| \n\nCQ891A, CQ891B\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T120 24-in 2018 ed. Printer\n\n| \n\nCQ891C\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 24-in Printer\n\n| \n\nCQ890A, CQ890B\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 24-in 2018 ed. Printer\n\n| \n\nCQ890C\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 36-in Printer \n\n| \n\nCQ893A, CQ893B\n\n| \n\n1809AR (or higher) \n \nHP DesignJet T520 36-in 2018 ed. Printer\n\n| \n\nCQ893C\n\n| \n\n1809AR (or higher)\n", "edition": 4, "modified": "2020-08-19T00:00:00", "published": "2018-01-12T00:00:00", "id": "HP:C05876244", "href": "https://support.hp.com/us-en/document/c05876244", "title": "HPSBPI03574 rev. 
2 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products", "type": "hp", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:38:52", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "**CentOS Errata and Security Advisory** CESA-2017:2907\n\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es):\n\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. 
Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-October/034607.html\n\n**Affected packages:**\nwpa_supplicant\n\n**Upstream details at:**\n", "edition": 6, "modified": "2017-10-17T21:54:54", "published": "2017-10-17T21:54:54", "href": "http://lists.centos.org/pipermail/centos-announce/2017-October/034607.html", "id": "CESA-2017:2907", "title": "wpa_supplicant security update", "type": "centos", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:10", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver.\n\nSecurity Fix(es):\n\n* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. 
Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.", "modified": "2018-04-12T03:31:46", "published": "2017-10-18T00:14:23", "id": "RHSA-2017:2907", "href": "https://access.redhat.com/errata/RHSA-2017:2907", "type": "redhat", "title": "(RHSA-2017:2907) Important: wpa_supplicant security update", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-17T13:29:00", "title": "CVE-2017-13088", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13088"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", 
"cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", 
"cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13088", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13088", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-17T13:29:00", "title": "CVE-2017-13087", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13087"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", 
"cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13087", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13087", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", 
"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-17T13:29:00", "title": "CVE-2017-13079", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13079"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", 
"cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", 
"cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13079", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", 
"cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-17T13:29:00", "title": "CVE-2017-13078", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13078"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", 
"cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13078", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13078", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", 
"cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) allows 
reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-10-17T13:29:00", "title": "CVE-2017-13086", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13086"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", 
"cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", 
"cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13086", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13086", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", 
"cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-17T13:29:00", "title": "CVE-2017-13081", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", 
"accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13081"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", 
"cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13081", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13081", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", 
"confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-10-17T02:29:00", "title": "CVE-2017-13077", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13077"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", "cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", 
"cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", "cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13077", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13077", "cvss": {"score": 5.4, 
"vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", 
"cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", 
"cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.", "edition": 6, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-17T13:29:00", "title": "CVE-2017-13080", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080"], "modified": "2020-11-10T21:15:00", "cpe": ["cpe:/a:w1.fi:wpa_supplicant:0.6.8", "cpe:/a:w1.fi:hostapd:2.6", "cpe:/a:w1.fi:hostapd:0.5.9", "cpe:/a:w1.fi:wpa_supplicant:2.2", 
"cpe:/a:w1.fi:wpa_supplicant:1.1", "cpe:/a:w1.fi:hostapd:0.5.8", "cpe:/a:w1.fi:hostapd:2.2", "cpe:/a:w1.fi:hostapd:0.6.9", "cpe:/a:w1.fi:hostapd:0.6.10", "cpe:/a:w1.fi:hostapd:0.3.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.9", "cpe:/o:suse:linux_enterprise_point_of_sale:11", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/a:w1.fi:hostapd:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.4.11", "cpe:/o:freebsd:freebsd:*", "cpe:/a:w1.fi:wpa_supplicant:0.2.5", "cpe:/a:w1.fi:hostapd:0.4.7", "cpe:/a:w1.fi:hostapd:0.3.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:w1.fi:wpa_supplicant:0.6.10", "cpe:/a:w1.fi:hostapd:2.4", "cpe:/a:w1.fi:hostapd:0.4.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/a:w1.fi:wpa_supplicant:1.0", "cpe:/o:freebsd:freebsd:10.4", "cpe:/a:w1.fi:wpa_supplicant:2.3", "cpe:/a:w1.fi:wpa_supplicant:2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:w1.fi:wpa_supplicant:0.2.7", "cpe:/a:w1.fi:hostapd:0.2.5", "cpe:/a:w1.fi:hostapd:1.0", "cpe:/a:w1.fi:wpa_supplicant:0.4.10", "cpe:/a:w1.fi:wpa_supplicant:2.1", "cpe:/a:w1.fi:hostapd:2.3", "cpe:/a:w1.fi:hostapd:2.0", "cpe:/a:w1.fi:wpa_supplicant:0.5.10", "cpe:/a:w1.fi:wpa_supplicant:0.4.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.8", "cpe:/a:w1.fi:hostapd:1.1", "cpe:/a:w1.fi:hostapd:0.5.11", "cpe:/a:w1.fi:wpa_supplicant:2.5", "cpe:/a:w1.fi:wpa_supplicant:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:2.6", "cpe:/a:w1.fi:hostapd:0.2.6", "cpe:/a:w1.fi:wpa_supplicant:0.2.6", "cpe:/a:w1.fi:hostapd:0.2.4", "cpe:/a:w1.fi:hostapd:0.4.11", "cpe:/a:w1.fi:wpa_supplicant:0.5.11", "cpe:/a:w1.fi:hostapd:0.2.8", "cpe:/a:w1.fi:hostapd:0.4.9", "cpe:/a:w1.fi:wpa_supplicant:0.2.4", "cpe:/a:w1.fi:wpa_supplicant:0.2.8", "cpe:/a:w1.fi:hostapd:2.1", "cpe:/o:freebsd:freebsd:11", "cpe:/a:w1.fi:wpa_supplicant:0.6.9", "cpe:/a:w1.fi:wpa_supplicant:0.5.8", "cpe:/a:w1.fi:wpa_supplicant:0.4.9", "cpe:/a:w1.fi:hostapd:0.3.9", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:w1.fi:hostapd:0.5.10", "cpe:/o:suse:openstack_cloud:6", 
"cpe:/o:redhat:enterprise_linux_desktop:7", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:w1.fi:hostapd:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.4.8", "cpe:/a:w1.fi:hostapd:0.6.8", "cpe:/o:freebsd:freebsd:11.1", "cpe:/a:w1.fi:wpa_supplicant:2.4", "cpe:/a:w1.fi:hostapd:0.4.8", "cpe:/o:opensuse:leap:42.2", "cpe:/a:w1.fi:hostapd:0.7.3", "cpe:/a:w1.fi:wpa_supplicant:0.3.9", "cpe:/o:freebsd:freebsd:10", "cpe:/a:w1.fi:hostapd:0.3.7", "cpe:/a:w1.fi:wpa_supplicant:0.5.7", "cpe:/a:w1.fi:wpa_supplicant:0.3.11", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:w1.fi:wpa_supplicant:0.3.10", "cpe:/o:redhat:enterprise_linux_server:7"], "id": "CVE-2017-13080", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*", "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:42:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4476", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2016-4477", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-13087", "CVE-2017-13086"], "description": "Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly \nhandled WPA2. A remote attacker could use this issue with key \nreinstallation attacks to obtain sensitive information. 
(CVE-2017-13077, \nCVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, \nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled \ninvalid characters in passphrase parameters. A remote attacker could use \nthis issue to cause a denial of service. (CVE-2016-4476)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled \ninvalid characters in passphrase parameters. A local attacker could use \nthis issue to cause a denial of service, or possibly execute arbitrary \ncode. (CVE-2016-4477)", "edition": 5, "modified": "2017-10-16T00:00:00", "published": "2017-10-16T00:00:00", "id": "USN-3455-1", "href": "https://ubuntu.com/security/notices/USN-3455-1", "title": "wpa_supplicant and hostapd vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "lenovo": [{"lastseen": "2020-07-15T07:26:47", "bulletinFamily": "info", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-13078", "CVE-2017-13088", "CVE-2017-13084", "CVE-2017-13081", "CVE-2017-13077", "CVE-2017-5729", "CVE-2017-13087", "CVE-2017-13086"], "description": "**Lenovo Security Advisory**: LEN-17420\n\n**Potential Impact: **An attacker could manipulate the vulnerability to affect clients through arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames\n\n**Severity:** High\n\n**Scope of Impact: **Industry-wide\n\n**CVE Identifier: **CVE-2017-5729, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088\n\n**Summary Description:**\n\nIntel CVE-2017-5729 has been already mitigated in the recommended drivers.\n\nThe Wi-Fi standard uses the Wi-Fi Protected Access II (WPA2) security protocol and security certification program to secure multi-vendor 
wireless computer networks. A collection of vulnerabilities has been discovered in the WPA2 standard, which in turn makes every standard-compliant implementation vulnerable:\n\n<https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update>\n\nAttackers within wireless range of the access point (AP) and client can, with some difficulty, attain a man-in-the-middle position. Depending on the data confidentiality protocols in use (e.g. TKIP, CCMP or GCMP) and other situational factors, this could lead to a wide range of disruptions and security flaws such as arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.\n\nAs this is an industry-wide issue, the Wi-Fi Alliance and cybersecurity organizations are the best sources for information about the threat, exploits, and mitigations:\n\n<https://www.wi-fi.org/security-update-october-2017>\n\n<http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities/>\n\n<https://www.kb.cert.org/vuls/id/228519>\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nOnce the full details of the exploit have been made public and until Operating System (OS) and device patches are universally applied, users should assume all Wi-Fi access points are essentially public and have the same security levels as ordinary coffee shops or airport Wi-Fi. Users should protect themselves with the usual techniques such as using a VPN, HTTPS, SSH, and other common means of verifying endpoints and encrypting communications over public networks.\n\nIn common circumstances, a WPA2 connection is not protected until both sides, typically a client system and an access point, have been patched. 
Therefore, it is best to assume a connection is insecure if you do not know the status of the other end, and protect yourself as described above.\n\nAll Wi-Fi stacks will have to be updated to follow the new recommended WPA2 key handshake behavior. Lenovo product impact assessment is ongoing; please check this advisory frequently for updates.\n\nMost Windows systems with Wi-Fi capability will be covered by this update from Microsoft:\n\n<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080>\n\nIn some cases a new Wi-Fi device driver will also be needed. vPro-enabled systems using the AMT management function will need a firmware update.\n\nLinux systems typically receive patches from the distribution\u2019s repository (e.g. Red Hat, SUSE, Ubuntu/Canonical). The distribution suppliers have either released a patch or are in the process of releasing one. Users should apply the update from their supplier as soon as it is available.\n\nRouters, smart speakers, and other devices with embedded firmware will see firmware updates released individually. 
Check the support page for individual devices and apply updates as soon as they are available.\n\n**Product Impact:**\n", "edition": 1214, "modified": "2019-01-23T12:36:01", "published": "2018-12-18T15:12:07", "id": "LENOVO:PS500143-NOSID", "href": "https://support.lenovo.com/us/en/product_security/len-17420/", "title": "WPA2 Protocol Vulnerabilities - US", "type": "lenovo", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:41:34", "bulletinFamily": "info", "cvelist": ["CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13083", "CVE-2017-13084", "CVE-2017-13085", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088"], "description": "### Overview \n\nWi-Fi Protected Access (WPA, more commonly WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or \"KRACK\" attacks.\n\n### Description \n\n[**CWE-323**](<https://cwe.mitre.org/data/definitions/323.html>)**: Reusing a Nonce, Key Pair in Encryption**\n\nWi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a victim wireless access point (AP) or client. 
After establishing a man-in-the-middle position between an AP and client, an attacker can selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages. Depending on the data confidentiality protocols in use (e.g. TKIP, CCMP, and GCMP) and situational factors, the effect of these manipulations is to reset nonces and replay counters and ultimately to reinstall session keys. Key reuse facilitates arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames. \n \nThe following CVE IDs have been assigned to document these vulnerabilities in the WPA2 protocol: \n\n\n * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake\n * CVE-2017-13078: reinstallation of the group key in the Four-way handshake\n * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake\n * CVE-2017-13080: reinstallation of the group key in the Group Key handshake\n * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake\n * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it\n * CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake\n * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake\n * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame\n * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame\n \nFor a detailed description of these issues, 
refer to the researcher's [website](<https://www.krackattacks.com/>) and [paper](<https://papers.mathyvanhoef.com/ccs2017.pdf>). \n--- \n \n### Impact \n\nAn attacker within the wireless communications range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocol being used. Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames. \n \n--- \n \n### Solution \n\n**Install Updates** \n \nThe WPA2 protocol is ubiquitous in wireless networking. The vulnerabilities described here are in the standard itself as opposed to individual implementations thereof; as such, any correct implementation is likely affected. Users are encouraged to install updates to affected products and hosts as they are available. For information about a specific vendor or product, check the Vendor Information section of this document or contact the vendor directly. Note that the vendor list below is not exhaustive. \n \n--- \n \n### Vendor Information\n\n228519\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. 
Click here to view vendors.**\n\n### 9front Affected\n\nUpdated: October 19, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://code.9front.org/hg/plan9front/rev/94d052c01881>\n\n### ADTRAN Affected\n\nUpdated: October 19, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://supportforums.adtran.com/message/24028#24028>\n * <https://supportforums.adtran.com/servlet/JiveServlet/previewBody/8732-102-1-12335/ADTRAN%20WPA2%20KRACK%20Attack%20Advisory%20(ADTSA-KRA1001%20REV%20A).pdf>\n\n### AVM GmbH __ Affected\n\nUpdated: October 24, 2017 \n\n**Statement Date: October 24, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n<https://en.avm.de/service/current-security-notifications/>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://en.avm.de/service/current-security-notifications/>\n\n### Actiontec Affected\n\nNotified: August 30, 2017 Updated: October 20, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-KRACK-vulnerability>\n\n### Aerohive Affected\n\nNotified: August 30, 2017 Updated: October 17, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this 
vulnerability.\n\n### Vendor References\n\n * <https://www3.aerohive.com/support/security-bulletins/Product-Security-Announcement-Aerohives-Response-to-KRACK-10162017.html>\n\n### Alcatel-Lucent Enterprise Affected\n\nNotified: August 28, 2017 Updated: November 08, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.al-enterprise.com/en/support/security-alert-krack>\n\n### Android Open Source Project Affected\n\nNotified: August 28, 2017 Updated: November 08, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://source.android.com/security/bulletin/2017-11-01#2017-11-06-details>\n\n### Apple __ Affected\n\nNotified: August 28, 2017 Updated: November 01, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPer Apple's advisory, CVE-2017-13080 is addressed in iOS 11.1.\n\n### Vendor References\n\n * <https://support.apple.com/en-gb/HT208222>\n\n### Arch Linux Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://security.archlinux.org/AVG-448>\n * <https://security.archlinux.org/AVG-447>\n\n### Aruba Networks Affected\n\nNotified: August 28, 2017 Updated: October 09, 2017 \n\n**Statement Date: October 09, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### 
Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt>\n\n### AsusTek Computer Inc. __ Affected\n\nNotified: August 28, 2017 Updated: October 19, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n10/18/2017** Security advisory for the vulnerabilities of WPA2 protocol**\n\nASUS is aware of the recent WPA2 vulnerability issue. We take your security and privacy seriously and are currently working towards a full solution as quickly as possible. In the meantime, we want to help clarify the severity of the potential threat, and let our valued customers know the appropriate steps to take in order to avoid or lessen the threat of being compromised. \n \nYour devices are only vulnerable if an attacker is in physical proximity to your wireless network and is able to gain access to it. This exploit cannot steal your banking information, passwords, or other data on a secured connection that utilizes proper end-to-end encryption. However, an attacker could capture and read this information on an unsecured connection via an exploited WiFi network. Depending on the network configuration, it is also possible for the attacker to redirect network traffic, send invalid data to devices or even inject malware into the network. \n \nWe are feverishly working with chipset suppliers to resolve this vulnerability and will release patched firmware for affected routers in the near future. Before this patched firmware is released, here are a few cautions all users should take: \n \n(1) Avoid public Wi-Fi and Hotspots until the routers and your devices are updated. Use cellular network connections if possible. \n(2) Only connect to secured services that you trust or have been verified. Web pages that use HTTPS or another secure connection will include HTTPS in the URL. 
If the connection is secured using TLS 1.2, your activities with that service are safe for now. \n(3) Keep your operating system and antivirus software up-to-date. Microsoft recently updated Windows to fix this exploit on their latest operating systems. Google and Apple are following suit shortly. \n(4) When in doubt, be safe and use your cellular network or a wired connection (Ethernet) to access the internet. This exploit only affects 802.11 traffic between a Wi-Fi router and a connected device on an exploited WiFi connection.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/>\n\n### Barracuda Networks __ Affected\n\nNotified: August 28, 2017 Updated: October 24, 2017 \n\n**Statement Date: October 19, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nOn October 16th, 2017, a research paper with the title of \"Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2\" was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicants supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key. 
\n \nRisk Rating: High \n \nAffected Products: Our investigations indicate that currently only Barracuda NextGen Firewall Wi-Fi Models used under Wi-Fi Client mode are affected: \n \nF101 \n \nF201 \n \nF301 \n \nF80 \n \nF82.DSLA \n \nF82.DSLB \n \nF180 \n \nF183 \n \nF280 \n \nFSC1\n\n### Vendor Information \n\nOctober 18, 2017: Hotfixes have been made available. We do recommend to \nupdate your systems also in case the firewall is used under Access Point mode. \n \nFixed Vulnerabilities:\n\n * CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.\n * CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.\n * CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.\n * CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.\n * CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.\n * CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.\n * CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.\n * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.\n * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.\n \nHotfix information and download for firmware 6.2.x \n \nHotfix information and download for firmware 7.0.x \n \nHotfix information and download for firmware 7.1.x \n\n### Vendor References\n\n * <https://community.barracudanetworks.com/forum/index.php?/topic/23525-security-advisories/page-2#entry84537>\n\n### Broadcom __ Affected\n\nNotified: August 30, 2017 Updated: October 17, 2017 
\n\n**Statement Date: October 16, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe confirm that some of the Broadcom products are affected by some of the issues reported in VU#228519.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cambium Networks Affected\n\nUpdated: October 26, 2017 \n\n**Statement Date: October 25, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://community.cambiumnetworks.com/t5/Enterprise-e4XX-e5XX-series/Security-Advisory-on-Key-Reinstallation-Attacks-KRACK/m-p/79583>\n\n### CentOS Affected\n\nNotified: August 28, 2017 Updated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://lists.centos.org/pipermail/centos-announce/2017-October/022570.html>\n * <https://lists.centos.org/pipermail/centos-announce/2017-October/022569.html>\n\n### Cisco Affected\n\nNotified: August 28, 2017 Updated: October 16, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa>\n\n### Cradlepoint Affected\n\nUpdated: October 19, 2017 \n\n**Statement Date: October 19, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor 
References\n\n * <http://knowledgebase.cradlepoint.com/articles/Support/WPA-and-WPA2-Vulnerabilities-KRACK>\n\n### Cypress Semiconductor Affected\n\nNotified: August 30, 2017 Updated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://community.cypress.com/docs/DOC-13871>\n\n### D-Link Systems, Inc. __ Affected\n\nNotified: August 28, 2017 Updated: October 20, 2017 \n\n**Statement Date: October 19, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nOn October 16th, researchers disclosed security vulnerabilities in the widely used standard for Wi-Fi security WPA2 (Wi-Fi Protected Access II) that make it possible for attackers to eavesdrop on Wi-Fi traffic. D-Link has immediately taken actions to investigate this matter. This security concern appears to be an industry-wide issue that will require firmware patches to be provided from the relevant semiconductor chipset manufacturers. \n \nD-Link has requested assistance from the chipset manufacturers. As soon as the firmware patches are received from the chipset manufacturers, we will post them on our websites immediately. Please take the following important actions to help protect your privacy: \n \n1\\. It is highly recommended to use encrypted communications protocols such as VPN or HTTPS, especially when delivering confidential information. \n \n2\\. Check our website regularly for the newest firmware updates. 
\n \n\n\nVendor References \n \n<http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10075>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10075>\n\n### Debian GNU/Linux Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: October 16, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.debian.org/security/2017/dsa-3999>\n\n### Dell __ Affected\n\nNotified: August 28, 2017 Updated: October 24, 2017 \n\n**Statement Date: October 23, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n<http://www.dell.com/support/article/SLN307822>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.dell.com/support/article/SLN307822>\n\n### Digi International __ Affected\n\nUpdated: November 16, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n[https://forms.na1.netsuite.com/app/site/hosting/scriptlet.nl?script=457&deploy=2&compid=818164&h=5928a16f2b6f9582b799&articleid=2520](<https://forms.na1.netsuite.com/app/site/hosting/scriptlet.nl?script=457&deploy=2&compid=818164&h=5928a16f2b6f9582b799&articleid=2520>)\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://forms.na1.netsuite.com/app/site/hosting/scriptlet.nl?script=457&deploy=2&compid=818164&h=5928a16f2b6f9582b799&articleid=2520](<https://forms.na1.netsuite.com/app/site/hosting/scriptlet.nl?script=457&deploy=2&compid=818164&h=5928a16f2b6f9582b799&articleid=2520>)\n\n### DrayTek Corporation 
Affected\n\nUpdated: October 19, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.draytek.com/en/news/news/2017/how-are-draytek-wireless-products-affected-by-the-wpa2-krack-vulnerability/>\n\n### Edimax Computer Company Affected\n\nUpdated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.edimax.com/edimax/post/post/data/edimax/global/response_to_krack/>\n\n### EnGenius Affected\n\nUpdated: October 19, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.engeniustech.com/engenius-advisory-wpa2-krack-vulnerability.html>\n\n### Endian Affected\n\nUpdated: November 01, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://help.endian.com/hc/en-us/articles/115013641427-WPA-and-WPA2-Vulnerability-KRACK-Key-Reinstallation-Attacks-Update>\n\n### Espressif Systems __ Affected\n\nNotified: September 22, 2017 Updated: October 13, 2017 \n\n**Statement Date: October 13, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nOur products ESP8266 and ESP32 are affected by the vulnerability identified as VU#228519.\n\nFor ESP32, we have made remediation in ESP-IDF v2.1.1 on Github. 
ESP32 which uses ESP-IDF v2.1.1 or later than v2.1.1 will not be affected by this vulnerability. \n \nFor ESP8266, we have updated both RTOS SDK and NONOS SDK on Github on October 13, 2017. ESP8266 which uses RTOS SDK or NONOS SDK after October 13, 2017 will not be affected by this vulnerability. \n \nWe strongly recommend that users update their ESP-IDF, ESP8266 RTOS SDK and ESP8266 NONOS SDK to the latest version to avoid being affected by this vulnerability. \n \nFor ESP8089 and ESP8689, the supplicant protocol runs on the host side. So, whether they are affected by this vulnerability depends on which host is used. But we also recommend that users update their host to fix this vulnerability. \n \nThe updates of ESP-IDF, ESP8266 RTOS SDK and ESP8266 NONOS SDK can be found on the following website: \nESP-IDF: <https://github.com/espressif/esp-idf> \nESP8266 RTOS SDK: <https://github.com/espressif/ESP8266_RTOS_SDK> \nESP8266 NONOS SDK: <https://github.com/espressif/ESP8266_NONOS_SDK>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://github.com/espressif/esp-idf>\n * <https://github.com/espressif/ESP8266_RTOS_SDK>\n * <https://github.com/espressif/ESP8266_NONOS_SDK>\n\n### Extreme Networks Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: October 16, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://extremeportal.force.com/ExtrArticleDetail?n=000018005>\n\n### F-Secure Corporation __ Affected\n\nUpdated: October 24, 2017 \n\n**Statement Date: October 24, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nStatus: An automatic firmware update (version 2017-10-23_01 \u2013 p1.3.21.26) has been released to all F-Secure SENSE 
router users \n \nUpdate available: 23rd October 2017 \n \nSecurity advisory: <https://www.f-secure.com/en/web/labs_global/fsc-2017-1>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.f-secure.com/en/web/labs_global/fsc-2017-1>\n\n### Fedora Project Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://bodhi.fedoraproject.org/updates/FEDORA-2017-60bfb576b7>\n\n### Fortinet, Inc. Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: October 16, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf>\n * <http://www.fortiguard.com/psirt/FG-IR-17-196>\n\n### FreeBSD Project __ Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: October 12, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nFreeBSD users leveraging WPA2 should monitor the FreeBSD-announce mailing list and/or the Security Information webpage (<https://www.freebsd.org/security/>) for further information regarding how this vulnerability applies to FreeBSD.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.freebsd.org/security/advisories/FreeBSD-SA-17:07.wpa.asc>\n\n### Gentoo Linux Affected\n\nNotified: August 28, 2017 Updated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not 
received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://bugs.gentoo.org/634440>\n\n### Google Affected\n\nNotified: August 28, 2017 Updated: November 08, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://source.android.com/security/bulletin/2017-11-01#2017-11-06-details>\n\n### Hewlett Packard Enterprise Affected\n\nNotified: August 28, 2017 Updated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null&docLocale=en_US&docId=emr_na-a00029151en_us](<https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null&docLocale=en_US&docId=emr_na-a00029151en_us>)\n\n### HostAP Affected\n\nNotified: August 30, 2017 Updated: October 16, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://w1.fi/security/2017-1/>\n\n### IPFire Project Affected\n\nUpdated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://planet.ipfire.org/post/krack-attack-patches-are-on-their-way>\n\n### Intel Corporation Affected\n\nNotified: August 28, 2017 Updated: October 10, 2017 \n\n**Statement 
Date: October 10, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr](<https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr>)\n\n### Juniper Networks Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: August 28, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://kb.juniper.net/JSA10827>\n\n### LANCOM Systems GmbH __ Affected\n\nUpdated: October 23, 2017 \n\n**Statement Date: October 18, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have become aware of the flaw early this week on Monday October the 16th and will present our patches on Friday October 20. 
\n \nLANCOM has delivered the following statement: \n<https://www.lancom-systems.com/service-support/instant-help/general-safety-information/> \n\n\nWe have been able to launch our security packages: \n<https://www2.lancom.de/kb.nsf/ac96860327f38e46c12572660046f099/bd86ff5908078296c12581bf004c0b23?OpenDocument>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.lancom-systems.com/service-support/instant-help/general-safety-information/>\n * <https://www2.lancom.de/kb.nsf/ac96860327f38e46c12572660046f099/bd86ff5908078296c12581bf004c0b23?OpenDocument>\n\n### LEDE Project Affected\n\nUpdated: October 19, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://lede-project.org/releases/17.01/notes-17.01.4>\n\n### LIFX Affected\n\nUpdated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://support.lifx.com/hc/en-us/articles/115005206863>\n\n### Lenovo Affected\n\nNotified: August 28, 2017 Updated: November 08, 2017 \n\n**Statement Date: October 11, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://support.lenovo.com/ca/en/product_security/len-17420>\n\n### Microchip Technology __ Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: October 13, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nFor the most updated 
information about Microchip Wi-Fi products with regard to the WPA2 vulnerabilities, please visit: <http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability>\n\nSummary: \n\n * ATWINC15x0 based products (IC & Modules) are affected by this vulnerability \u2013 Updated FW with fixes is available here: <http://www.microchip.com/wwwproducts/en/ATWINC1500>\n * RN131 / RN171 based products are affected by this vulnerability \u2013 Updated FW (4.82) will be available by 10/31 and will be published here: <http://www.microchip.com/wwwproducts/en/RN171>\n * ATWILC1000 & ATWILC3000 based products (IC & Modules) for Linux systems \u2013 WPA2 implementation resides on the Host MPU and not on the wireless device. We highly recommend our customers to integrate the latest patches available to ensure their systems are protected. \n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.microchip.com/design-centers/wireless-connectivity/embedded-wi-fi/wpa2-protocol-vulnerability>\n * <http://www.microchip.com/wwwproducts/en/ATWINC1500>\n\n### Microsoft Corporation __ Affected\n\nNotified: August 28, 2017 Updated: October 16, 2017 \n\n**Statement Date: October 16, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nMicrosoft released a security update on October 10, 2017, and customers who have Windows Update enabled and applied the security updates, are protected automatically. \n \nVendor Information \n \nCVE-2017-13080 describes this vulnerability in affected Microsoft products. 
\n \nVendor References \n \n<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080>\n\n### Mojo Networks Affected\n\nUpdated: October 19, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.mojonetworks.com/wpa2-vulnerability>\n\n### Nest Affected\n\nUpdated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://nest.com/support/article/KRACK-vulnerability>\n\n### NetBSD __ Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: October 17, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nFor CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080\n\nCVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086 \nCVE-2017-13087 CVE-2017-13088 aka KRACK Attacks as covered in: \n<https://www.kb.cert.org/vuls/id/228519/> \n \nwpa_supplicant has been patched in our packaging system (pkgsrc) <http://mail-index.netbsd.org/pkgsrc-changes/2017/10/16/msg165381.html> \n<http://mail-index.netbsd.org/pkgsrc-changes/2017/10/17/msg165433.html> \n \nAnd for NetBSD itself, a patch has been committed to the HEAD of the tree & is pending to be merged into the NetBSD/6, 7, 8 branches. 
\n<http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://mail-index.netbsd.org/pkgsrc-changes/2017/10/16/msg165381.html>\n * <http://mail-index.netbsd.org/pkgsrc-changes/2017/10/17/msg165433.html>\n * <http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html>\n\n### Netgear, Inc. Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://kb.netgear.com/000049498/Security-Advisory-for-WPA-2-Vulnerabilities-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837>\n\n### OPNsense Affected\n\nUpdated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://forum.opnsense.org/index.php?topic=6206.0>\n\n### OmniROM Affected\n\nUpdated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://blog.omnirom.org/development/2017/10/17/omni-builds-updated-krack/>\n\n### Open Mesh Affected\n\nUpdated: October 19, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://help.cloudtrax.com/hc/en-us/articles/115001567804-KRACK-Bulletin>\n\n### OpenBSD 
Affected\n\nNotified: August 28, 2017 Updated: October 16, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Peplink Affected\n\nNotified: August 28, 2017 Updated: October 16, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://forum.peplink.com/t/security-advisory-wpa2-vulnerability-vu-228519/12715>\n\n### Red Hat, Inc. __ Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: October 03, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nwpa_supplicant as shipped with Red Hat Enterprise Linux is vulnerable.\n\n### Vendor References\n\n * <https://access.redhat.com/security/vulnerabilities/kracks>\n\n### Riverbed Technologies __ Affected\n\nUpdated: October 17, 2017 \n\n**Statement Date: October 16, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe would like to report that \"Riverbed Xirrus\" is affected by the WPA2 handshake vulnerability (VU#228519).\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Rockwell Automation __ Affected\n\nUpdated: October 25, 2017 \n\n**Statement Date: October 25, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697>\n\n### Ruckus Wireless __ Affected\n\nNotified: August 30, 2017 
Updated: October 18, 2017 \n\n**Statement Date: October 17, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe Ruckus Wireless product is affected. Patches are in beta/development.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.ruckuswireless.com/security>\n * <https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-101617-v1.2.txt>\n * <https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-101617-v1.0.pdf>\n\n### SUSE Linux Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: October 17, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.suse.com/de-de/support/kb/doc/?id=7022107>\n\n### Samsung Mobile Affected\n\nNotified: August 28, 2017 Updated: October 12, 2017 \n\n**Statement Date: October 12, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sierra Wireless Affected\n\nNotified: September 22, 2017 Updated: October 16, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---wpa-and-wpa2-vulnerabilities/>\n\n### Slackware Linux Inc. 
Affected\n\nNotified: August 28, 2017 Updated: October 20, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.slackware.com/changelog/stable.php?cpu=x86_64>\n\n### Sonos __ Affected\n\nUpdated: October 25, 2017 \n\n**Statement Date: October 24, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nSonos has determined that our speaker products are affected by issues described in the KRACK WPA2 vulnerability announcement.\n\nWe are working on a firmware update to address these vulnerabilities and will make it available as soon as testing is complete.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sony Corporation Affected\n\nUpdated: November 08, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://talk.sonymobile.com/t5/Other-Discussions-General/KRACK-attack-on-wifi-WPA2/m-p/1269528>\n\n### Sophos, Inc. 
__ Affected\n\nNotified: September 06, 2017 Updated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n<https://community.sophos.com/kb/en-us/127658>\n\n### Vendor Information \n\n<https://community.sophos.com/kb/en-us/127658>\n\n### Vendor References\n\n * <https://community.sophos.com/kb/en-us/127658>\n\n### Synology Affected\n\nUpdated: October 17, 2017 \n\n**Statement Date: October 17, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.synology.com/en-global/support/security/Synology_SA_17_60_KRACK>\n\n### TP-LINK __ Affected\n\nUpdated: October 18, 2017 \n\n**Statement Date: October 18, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nRecently we have already received feedback about the KRACK vulnerabilities.\n\nAfter checking the detailed information of this vulnerability, we have found that some of our products are affected by it. \nWe have published a security advisory on our official website and we are working to solve the problems now. \nHere are the links: \nSecurity Advisory: <http://www.tp-link.com/en/faq-1970.html> \nSoftware updates for the affected devices will be posted at <http://www.tp-link.com/support.html> over the next few weeks.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.tp-link.com/ph/faq-1970.html>\n * <http://www.tp-link.com/support.html>\n\n### Technicolor __ Affected\n\nUpdated: October 19, 2017 \n\n**Statement Date: October 18, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nBy making use of a model-based approach, researchers from K.U Leuven University have identified several theoretical flaws in the Wi-Fi Protected Access (WPA) protocol. 
These weaknesses constitute a new class of attack on the 4-way handshake used in all flavors of WPA/WPA2, named KRACK: Key Reinstallation AttaCK. \n \nThis academic research presents an industry-wide issue as all products implementing Wi-Fi are theoretically vulnerable. \n \nIn practice, no gateway or modem manufactured by Technicolor, implementing WiFi Access point routing function is affected by this class of attack. This is due to the fact that the vulnerable function allowing practical attack against the Access Point is not present. The end users should continue to use their Technicolor gateway or modem without changing WPA2 settings. In particular, none of these attacks is able to retrieve the WPA private passphrase. This recommendation is also valid for the legacy Thomson and Cisco branded gateways and modems. \n \nThe 802.11r standard makes use of a 4-way handshake protocol that was mathematically proven secure by the scientific community. Yet, the research publication exhibits weaknesses in some implementations of this protocol, that can affect the way the client connects to the Access point. For Access Points, the operational impact is very limited. Gateways and modems configured as Wi-Fi Access Point are not potentially concerned, except when supporting Fast BSS Transition handshake introduced with 802.11r standard. Fast BSS Transition handshake is usually not supported on residential gateways and modems, because this feature is intended to minimize roaming time between several access points in a managed network. \n \nTechnicolor works constantly to improve security of its products, alongside with the Wi-Fi Alliance. Technicolor remains committed to provide efficient support to its customers and end-users. \n \nOur detailed security bulletins remain reserved for our customers. 
Customers can contact their Technicolor Customer Technical Support.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Texas Instruments Affected\n\nUpdated: November 08, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://e2e.ti.com/support/wireless_connectivity/simplelink_wifi_cc31xx_cc32xx/f/968/t/632869>\n\n### Toshiba Commerce Solutions __ Affected\n\nNotified: September 15, 2017 Updated: October 13, 2017 \n\n**Statement Date: October 13, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n**Toshiba Global Commerce Solutions Information for ****_VU#228519_**\n\n**Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse**\n\n * Date Notified: 15 Sept 2017\n * Statement Date: 15 October 2017\n * Date Updated: \n**Status**\n\nAffected\n\n**Vendor Statement**\n\nToshiba Global Commerce Solutions (TGCS) has reviewed the subject VU#228519 across its full product line and has determined that our SureMark 4610 Printer (Models 1NR, 2CR, 2NR) with Wireless Lan Adapter is affected by this vulnerability. TGCS will release a Security Alert directly to entitled customers and business partners. To reduce the risk of an attack based on this vulnerability, we continue communicating with customers while not making this generally available to others who may have ill intent. With the information in the alert, the customer can determine their own level of risk. 
\n\nTGCS reminds their customers to update third party operating systems and wireless attachment cards for this vulnerability.\n\n**Vendor Information**\n\nToshiba Global Commerce Solution [_Security Alerts_](<https://tgcs04.toshibacommerce.com/cs/idcplg?IdcService=FLD_BROWSE&path=%2fCommunications%2fSecurity%20Alerts&doMarkSubscribed=1>) are available in the Toshiba Commerce Portal at [_www.toshibacommerce.com_](<http://www.toshibacommerce.com/>)_._ An Enterprise ID (EID) is required to access the alerts. If you do not have an EID, please complete the application at [_Apply for an Enterprise ID_](<https://www.toshibacommerce.com/forms/anon/org/app/e8ee98aa-3101-4218-8ac3-1d50c734aa99/launch/index.html?form=F_Form1>)_._ A subscription service is also available. A subscriber will receive an email with a direct link, to quickly access a new alert. To subscribe to future alerts, please visit [_Notifications_](<https://www.toshibacommerce.com/wps/myportal/%21ut/p/a1/rZRNc8IgEIZ_Sw8eGQhJCDmmWr8abW2dqcnFoYQoTiDRRK399UXrrWOtUzgws7A87y6z88IUzmCq2U4uWCNLzYpjnJJ5-ExR_wnhYa-LAxTRid-j3UcHDTB8gylMuW6qZgkToVtoWSrRQlrs6-8dbEQhWC1MyKqNLABGDjlf1YJvN7I5AF4qtdWSn2TrI7JiC5GJWi70KeIygwnOGQ5Dn4AM8wx4jggByykBInQzHHAD9nxTcWIqRhdWhP7UkElp96K-F8TmjUcxGnTu-50gHCE0IOeEXyQSU0NwUcQkvN7Y1BUgtg30bQMDy8CJZxtIbANt_yGxPTbE9tgQxzbQ_TeQttsGOJq6DzF2PPf2sRleMwxjOHK1XqeR8cFSN-KjgTNbRlgpRVd5TF4ocv1q9znNlZqPx4C9_zw47KO7L72fgk8%21/?1dmy&urile=wcm%3apath%3a%2Fen%2Fhome%2Fabout-us%2Fsubscribe-unsubscribe%2Fsubscribe>) for directions. By subscribing to any of the [_Security Alert folders_](<https://tgcs04.toshibacommerce.com/cs/idcplg?IdcService=FLD_BROWSE&path=%2fCommunications%2fSecurity%20Alerts&doMarkSubscribed=1>) you consent to notification mailings to the email address associated with your Enterprise ID (EID). 
You can unsubscribe at any time by visiting [_Notifications_](<https://www.toshibacommerce.com/wps/myportal/%21ut/p/a1/rZRNc8IgEIZ_Sw8eGQhJCDmmWr8abW2dqcnFoYQoTiDRRK399UXrrWOtUzgws7A87y6z88IUzmCq2U4uWCNLzYpjnJJ5-ExR_wnhYa-LAxTRid-j3UcHDTB8gylMuW6qZgkToVtoWSrRQlrs6-8dbEQhWC1MyKqNLABGDjlf1YJvN7I5AF4qtdWSn2TrI7JiC5GJWi70KeIygwnOGQ5Dn4AM8wx4jggByykBInQzHHAD9nxTcWIqRhdWhP7UkElp96K-F8TmjUcxGnTu-50gHCE0IOeEXyQSU0NwUcQkvN7Y1BUgtg30bQMDy8CJZxtIbANt_yGxPTbE9tgQxzbQ_TeQttsGOJq6DzF2PPf2sRleMwxjOHK1XqeR8cFSN-KjgTNbRlgpRVd5TF4ocv1q9znNlZqPx4C9_zw47KO7L72fgk8%21/?1dmy&urile=wcm%3apath%3a%2Fen%2Fhome%2Fabout-us%2Fsubscribe-unsubscribe%2Fsubscribe>) and following the instructions.\n\n**Vendor References**\n\n[**_http://www.toshibacommerce.com_**](<http://www.toshibacommerce.com/>)\n\n**Addendum**\n\nThere are no additional comments at this time.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://tgcs04.toshibacommerce.com/cs/idcplg?IdcService=FLD_BROWSE&path=%2fCommunications%2fSecurity%20Alerts&doMarkSubscribed=1 ](<https://tgcs04.toshibacommerce.com/cs/idcplg?IdcService=FLD_BROWSE&path=%2fCommunications%2fSecurity%20Alerts&doMarkSubscribed=1\n>)\n * <http://www.toshibacommerce.com/>\n * <https://www.toshibacommerce.com/forms/anon/org/app/e8ee98aa-3101-4218-8ac3-1d50c734aa99/launch/index.html?form=F_Form1>\n * <https://www.toshibacommerce.com/wps/myportal/%21ut/p/a1/rZRNc8IgEIZ_Sw8eGQhJCDmmWr8abW2dqcnFoYQoTiDRRK399UXrrWOtUzgws7A87y6z88IUzmCq2U4uWCNLzYpjnJJ5-ExR_wnhYa-LAxTRid-j3UcHDTB8gylMuW6qZgkToVtoWSrRQlrs6-8dbEQhWC1MyKqNLABGDjlf1YJvN7I5AF4qtdWSn2TrI7J>\n\n### Toshiba Electronic Devices & Storage Corporation __ Affected\n\nNotified: August 28, 2017 Updated: October 16, 2017 \n\n**Statement Date: October 16, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nVULNERABILITY FOUND RELATED TO THE GENERATION AND MANAGEMENT OF WPA2 KEY ON CANVIO (STOR.E) WIRELESS 
PRODUCTS\n\n<http://www.toshiba-personalstorage.net/en/news/hdd/ot_notice/20171017.htm>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.toshiba-personalstorage.net/en/news/hdd/ot_notice/20171017.htm>\n\n### Toshiba Memory Corporation __ Affected\n\nNotified: August 28, 2017 Updated: October 16, 2017 \n\n**Statement Date: October 16, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nProduct 1: FlashAir\n\nSDHC/SDXC Memory Card with embedded wireless LAN functionality FlashAir may have a security vulnerability related to the generation and management of WPA2 key (for general customers) \n<http://www.toshiba-personalstorage.net/news/20171017.htm> \n \nSDHC/SDXC Memory Card with embedded wireless LAN functionality FlashAir may have a security vulnerability related to the generation and management of WPA2 key (for enterprises and users of the website for developers \u201cFlashAir Developers\u201d) \n<https://www.toshiba-memory.co.jp/en/company/news/20171017-1.html> \n \nProduct 2: CANVIO AeroMobile \n \nVULNERABILITY FOUND RELATED TO THE GENERATION AND MANAGEMENT OF WPA2 KEY \n[http://support.toshiba.com/support/staticContentDetail?contentId=4015875&isFromTOCLink=false](<http://support.toshiba.com/support/staticContentDetail?contentId=4015875&isFromTOCLink=false>)\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.toshiba-personalstorage.net/news/20171017.htm>\n * [http://support.toshiba.com/support/staticContentDetail?contentId=4015875&isFromTOCLink=false](<http://support.toshiba.com/support/staticContentDetail?contentId=4015875&isFromTOCLink=false>)\n\n### Turris Omnia Affected\n\nUpdated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not 
aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://forum.turris.cz/t/turris-os-3-8-4-is-out-with-krack-fix/5391>\n\n### Ubiquiti Networks __ Affected\n\nNotified: August 28, 2017 Updated: October 16, 2017 \n\n**Statement Date: October 15, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nAmpliFi line products are not affected since firmware v2.4.3. Firmware v2.4.2 is partially affected and all versions prior to that are affected.\n\nAll airMAX AC and M series products have fixes for the majority of WPA2 rekeying issues since v8.4.0 (AC series) and v6.0.7 (M series). Additional improvements will fully resolve the issue with v8.4.2/v6.1.2. Furthermore, our proprietary airMAX protocol makes simple attacks more difficult. \n \nReferences: \n<https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100> \n<https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522> \n \nAll UniFi Access Point products are not affected by the WPA PTK issues with firmware 3.9.3 and above, but are affected by the 11r/FT issue, where 11r/FT is still in beta. 
\n \nReference: \n<https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/ba-p/2099365>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-4-0-Has-Been-Released/ba-p/2081100>\n * <https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522>\n * <https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/ba-p/2099365>\n\n### Ubuntu Affected\n\nNotified: August 28, 2017 Updated: October 16, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://usn.ubuntu.com/usn/usn-3455-1/>\n\n### Volumio Affected\n\nUpdated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://volumio.org/forum/changelog-t1575.html>\n\n### Watchguard Technologies, Inc. 
Affected\n\nUpdated: October 16, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.watchguard.com/wgrd-blog/wpa-and-wpa2-vulnerabilities-update>\n\n### Xiaomi Affected\n\nNotified: August 28, 2017 Updated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://en.miui.com/thread-954223-1-1.html>\n\n### Xirrus Affected\n\nUpdated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.xirrus.com/vulnerability-statements/>\n\n### Zebra Technologies __ Affected\n\nNotified: September 01, 2017 Updated: October 30, 2017 \n\n**Statement Date: October 30, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n<https://www.zebra.com/us/en/support-downloads/lifeguard-security.html>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.zebra.com/us/en/support-downloads/lifeguard-security.html>\n * <https://www.zebra.com/content/dam/zebra_new_ia/en-us/support-and-downloads/lifeguard-security/krack-security-bulletin.pdf>\n\n### ZyXEL __ Affected\n\nNotified: August 28, 2017 Updated: October 13, 2017 \n\n**Statement Date: October 13, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThanks for bringing it to our attention prior to disclosure. 
We have identified a list of models vulnerable to the issue(s) and are now working on the fixes.\n\nPlease find the details here: <http://www.zyxel.com/support/announcement_wpa2_key_management.shtml>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.zyxel.com/support/announcement_wpa2_key_management.shtml>\n\n### dd-wrt Affected\n\nUpdated: October 23, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://svn.dd-wrt.com/ticket/6005>\n\n### eero __ Affected\n\nUpdated: November 01, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n<https://blog.eero.com/krack-update-1-fix-beta/>\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://blog.eero.com/krack-update-1-fix-beta/>\n\n### pfSENSE __ Affected\n\nUpdated: October 23, 2017 \n\n**Statement Date: October 20, 2017**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe pfSense project is aware of the KRACK WPA2 flaws and we have addressed them in the upcoming 2.4.1 and 2.3.5 releases, due out next week. \n \nDevelopment snapshots of 2.4.1 and 2.3.5 containing fixes for the issue are available for those who need to obtain the corrections before the official release. These snapshots were fixed as soon as corrections were made available from the FreeBSD project upstream on October 17th. A notice was posted to our social media accounts once the fixes were imported and tested. 
\n \nThe official releases of 2.4.1 and 2.3.5 will be announced on our blog at <https://www.netgate.com/blog/> and on social media.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://redmine.pfsense.org/issues/7951>\n\n### Arista Networks, Inc. Not Affected\n\nNotified: August 28, 2017 Updated: October 09, 2017 \n\n**Statement Date: October 09, 2017**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Check Point Software Technologies __ Not Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: October 17, 2017**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nSince this is a client-side attack and we only have wifi access points in our SMB products, that do not support repeater-mode or the 802.11r protocol \u2013 we are not vulnerable.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk120938](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk120938>)\n\n### Dell EMC __ Not Affected\n\nNotified: August 28, 2017 Updated: October 27, 2017 \n\n**Statement Date: October 25, 2017**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nDell EMC has analyzed the vulnerabilities listed in VU#228519 and have concluded that none of our products are impacted.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://support.emc.com/kb/511474>\n * <https://community.rsa.com/docs/DOC-84103>\n\n### F5 Networks, Inc. 
Not Affected\n\nNotified: August 28, 2017 Updated: October 23, 2017 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://support.f5.com/csp/article/K23642330>\n\n### Internet Systems Consortium Not Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: October 16, 2017**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Internet Systems Consortium - DHCP Not Affected\n\nNotified: August 28, 2017 Updated: October 17, 2017 \n\n**Statement Date: October 16, 2017**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MikroTik __ Not Affected\n\nNotified: September 28, 2017 Updated: October 16, 2017 \n\n**Statement Date: October 10, 2017**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nOn October 16. CERT/CC/ICASI released a public announcement about discovered vulnerabilities in WPA2 handshake protocols that affect most WiFi users and all vendors world wide. \n\nRouterOS v6.39.3, v6.40.4, v6.41rc are not affected! \nIt is important to note that the vulnerability is discovered in the protocol itself, so even a correct implementation is affected. \nThese organizations did contact us earlier, so we have already released fixed versions that address the outlined issues. 
Not all of the discovered vulnerabilities directly impact RouterOS users, or even apply to RouterOS, but we did follow all recommendations and improved the key exchange process according to the guidelines we received from the organizations who discovered the issue. \nWe released fixed versions last week, so if you upgrade your devices routinely, no further action is required. \nCWE-323 \nCVE-2017-13077 \nCVE-2017-13078 \nCVE-2017-13079 \nCVE-2017-13080 \nCVE-2017-13081 \nCVE-2017-13082 \nCVE-2017-13083 \nCVE-2017-13084 \nCVE-2017-13085 \nCVE-2017-13086 \nCVE-2017-13087 \n \nThe following applies to RouterOS software prior to updates related to the issue. \n \nnv2 \nnv2 is not affected in any way. This applies to both - nv2 AP and client. There is no nonce reset in key exchange possible and key re-installation is not possible, because nv2 key exchange does not directly follow 802.11 key exchange specification. \n \n802.11 nonce reuse \nRouterOS is not affected in any way, RouterOS generates cryptographically strong random initial nonce on boot and never reuses the same nonce during uptime. \n \n802.11 key reinstallation \nThe device operating as client in key exchange is affected by this issue. This means that RouterOS in station modes and APs that establish WDS links with other APs are affected. RouterOS APs (both - standalone and CAPsMAN controlled), that do not establish WDS links with other APs, are not affected. Key reinstallation by resending key exchange frame allows attacker to reset encrypted frame packet counter. This allows attacker to replay frames that were previously sent by AP to client. Please note that RouterOS DOES NOT reset key to some known value that would allow attacker to inject/decrypt any frames to/from client. 
\n \nSuggested course of action \nIt is always recommended to upgrade to latest RouterOS version, but depending on wireless protocol and mode the suggested course of action is as follows: \n\\- nv2: no action necessary \n\\- 802.11/nstreme AP without WDS: no action necessary \n\\- CAPsMAN: no action necessary \n\\- 802.11/nstreme client (all station modes) or AP with WDS: upgrade to fixed version ASAP.\n\n### Vendor Information \n\nThough Mikrotik has self-identified as not affected, they have published updates that \"improved WPA2 key exchange reliability\" (see <https://mikrotik.com/download/changelogs>).\n\n### Vendor References\n\n * [https://forum.mikrotik.com/viewtopic.php?f=21&t=126695#p623324](<https://forum.mikrotik.com/viewtopic.php?f=21&t=126695#p623324>)\n\n### SonicWall Not Affected\n\nUpdated: October 19, 2017 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.sonicwall.com/en-us/support/product-notification/wpa2-krack-exploit-a-sonicwall-alert>\n\n### VMware Not Affected\n\nNotified: August 28, 2017 Updated: October 16, 2017 \n\n**Statement Date: October 13, 2017**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### 3com Inc Unknown\n\nNotified: August 30, 2017 Updated: August 30, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### ACCESS Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### ARRIS Unknown\n\nNotified: October 16, 2017 Updated: October 
16, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### AT&T Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Acer Unknown\n\nUpdated: November 08, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alpine Linux Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Amazon Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Atheros Communications, Inc. Unknown\n\nNotified: August 30, 2017 Updated: August 30, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Avaya, Inc. Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Barnes and Noble Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Belkin, Inc. 
Unknown\n\nNotified: August 28, 2017 Updated: October 19, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://community.wemo.com/t5/News-and-Announcements/KRACK-Vulnerability/td-p/41264>\n * <https://community.linksys.com/t5/Wireless-Routers/KRACK-Vulnerability/td-p/1218573>\n\n### BlackBerry Unknown\n\nNotified: October 13, 2017 Updated: October 13, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Blue Coat Systems Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Brocade Communication Systems Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CA Technologies Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CMX Systems Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Contiki OS Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CoreOS Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### DesktopBSD 
Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Devicescape Unknown\n\nNotified: August 30, 2017 Updated: August 30, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### DragonFly BSD Project Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### ENEA Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### EfficientIP SAS Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Ericsson Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### European Registry for Internet Domains Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Force10 Networks Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Foundry Brocade Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### GNU adns Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### 
Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### GNU glibc Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### HTC Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### HardenedBSD Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Hitachi Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Honeywell Unknown\n\nUpdated: November 08, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Huawei Technologies Unknown\n\nNotified: August 22, 2017 Updated: August 22, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### IBM, INC. 
Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Infoblox Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### JH Software Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Joyent Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Kyocera Communications Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### LG Electronics Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Lantronix Unknown\n\nNotified: October 02, 2017 Updated: October 10, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Lynx Software Technologies Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Marvell Semiconductor Unknown\n\nNotified: September 18, 2017 Updated: September 25, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not 
aware of further vendor information regarding this vulnerability.\n\n### McAfee Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### MediaTek Unknown\n\nNotified: August 30, 2017 Updated: August 30, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Medtronic Unknown\n\nNotified: August 30, 2017 Updated: August 30, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Motorola, Inc. Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### NEC Corporation Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### NLnet Labs Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Nexenta Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Nokia Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Nominum Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OmniTI Unknown\n\nNotified: August 28, 2017 Updated: August 28, 
2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OpenDNS Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### OpenIndiana Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Oracle Corporation Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Oryx Embedded Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Philips Electronics Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### PowerDNS Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Pulse Secure Unknown\n\nNotified: August 30, 2017 Updated: August 30, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### QNX Software Systems Inc. 
Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### QUALCOMM Incorporated Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Quadros Systems Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Quantenna Communications Unknown\n\nNotified: September 18, 2017 Updated: September 18, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### ReactOS Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Redpine Signals Unknown\n\nNotified: September 18, 2017 Updated: September 25, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Rocket RTOS Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### SafeNet Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Secure64 Software Corporation Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor 
References\n\n### SmoothWall Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Snort Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Sony Corporation Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Sourcefire Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Stryker Unknown\n\nNotified: August 30, 2017 Updated: September 25, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Symantec Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### TCPWave Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### TippingPoint Technologies Inc. 
Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Tizen Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### TrueOS Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Turbolinux Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Unisys Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Welch Allyn Unknown\n\nNotified: August 30, 2017 Updated: September 25, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### WizNET Technology Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Xilinx Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Zephyr Project Unknown\n\nNotified: August 28, 2017 Updated: 
August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### dnsmasq Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### gdnsd Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### m0n0wall Unknown\n\nNotified: August 28, 2017 Updated: August 28, 2017 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P \nTemporal | 4.9 | E:POC/RL:ND/RC:C \nEnvironmental | 5.7 | CDP:ND/TD:H/CR:H/IR:H/AR:ND \n \n \n\n\n### References \n\n * <https://cwe.mitre.org/data/definitions/323.html>\n * <https://www.krackattacks.com/>\n * <https://papers.mathyvanhoef.com/ccs2017.pdf>\n\n### Acknowledgements\n\nThanks to Mathy Vanhoef of the imec-DistriNet group at KU Leuven for reporting these vulnerabilities. Mathy thanks John A. 
Van Boxtel for finding that wpa_supplicant v2.6 is also vulnerable to CVE-2017-13077. The CERT/CC also thanks ICASI for their efforts to facilitate vendor collaboration on addressing these vulnerabilities.\n\nThis document was written by Joel Land.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2017-13077](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-13077>), [CVE-2017-13078](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-13078>), [CVE-2017-13079](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-13079>), [CVE-2017-13080](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-13080>), [CVE-2017-13081](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-13081>), [CVE-2017-13082](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-13082>), [CVE-2017-13084](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-13084>), [CVE-2017-13086](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-13086>), [CVE-2017-13087](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-13087>), [CVE-2017-13088](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-13088>) \n---|--- \n**Date Public:** | 2017-10-16 \n**Date First Published:** | 2017-10-16 \n**Date Last Updated:** | 2017-11-16 16:37 UTC \n**Document Revision:** | 144 \n", "modified": "2017-11-16T16:37:00", "published": "2017-10-16T00:00:00", "id": "VU:228519", "href": "https://www.kb.cert.org/vuls/id/228519", "type": "cert", "title": "Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}