Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise
Transient Key (PTK) Temporal Key (TK) during the four-way handshake,
allowing an attacker within radio range to replay, decrypt, or spoof
frames.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchwpa< 2.1-0ubuntu1.5UNKNOWN
ubuntu16.04noarchwpa< 2.4-0ubuntu6.2UNKNOWN
ubuntu17.04noarchwpa< 2.4-0ubuntu9.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	wpa	< 2.1-0ubuntu1.5	UNKNOWN
ubuntu	16.04	noarch	wpa	< 2.4-0ubuntu6.2	UNKNOWN
ubuntu	17.04	noarch	wpa	< 2.4-0ubuntu9.1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2017-13077

nvd.nist.gov/vuln/detail/CVE-2017-13077

security-tracker.debian.org/tracker/CVE-2017-13077

ubuntu.com/security/notices/USN-3455-1

w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

www.cve.org/CVERecord?id=CVE-2017-13077

www.krackattacks.com/

hp 3

alpinelinux 1

nessus 43

cve 1

mskb 1

debiancve 1

osv 4

veracode 1

prion 1

apple 14

ics 11

openvas 31

centos 2

redhat 2

mageia 2

chrome 1

oraclelinux 2

fedora 6

ibm 1

archlinux 2

debian 3

nvidia 1

freebsd_advisory 1

fortinet 1

slackware 1

redhatcve 1

hackerone 1

intel 1

f5 1

thn 1

cisco 1

myhack58 1

huawei 1

freebsd 1

gentoo 1

lenovo 2

ubuntu 1

cert 1

suse 2

oracle 2

HPSBHF03571 rev. 6 - Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability

2017-11-22 00:00:00

HPSBPI03574 rev. 2 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products

2018-01-12 00:00:00

HP Printing Security Advisory - KRACK Attacks Potential Vulnerabilities

2018-01-09 00:00:00

alpinelinux

CVE-2017-13077

2017-10-17 02:29:00

nessus

Fedora 25 : hostapd (2017-cfb950d8f4) (KRACK)

2017-11-16 00:00:00

Fedora 26 : hostapd (2017-45044b6b33) (KRACK)

2017-11-16 00:00:00

Fedora 27 : hostapd (2017-fc21e3856b) (KRACK)

2018-01-15 00:00:00

cve

CVE-2017-13077

2017-10-17 02:29:00

mskb

Description of the security update for the Windows Wireless WPA pairwise encryption key reinstallation vulnerability in WES09 and POSReady 2009: March 13, 2018

2018-03-12 00:00:00

debiancve

CVE-2017-13077

2017-10-17 02:29:00

osv

CVE-2017-13077

2017-10-17 02:29:00

firmware-nonfree - security update

2018-11-10 00:00:00

wpa - security update

2017-10-31 00:00:00

veracode

Key Reinstallation Attack (KRACK)

2019-01-15 09:19:52

prion

Design/Logic Flaw

2017-10-17 02:29:00

apple

About the security content of Wi-Fi Update for Boot Camp 6.4.0

2018-07-05 00:00:00

About the security content of AirPort Base Station Firmware Update 7.6.9

2017-12-12 00:00:00

About the security content of AirPort Base Station Firmware Update 7.6.9 - Apple Support

2017-12-12 09:19:14

ics

PHOENIX CONTACT WLAN Capable Devices using the WPA2 Protocol

2017-11-21 12:00:00

Stryker Medical Beds

2019-01-29 12:00:00

PEPPERL+FUCHS/ecom instruments WLAN Capable Devices using the WPA2 Protocol

2017-12-19 12:00:00

openvas

Intel Active Management Technology WPA2 Key Reinstallation Vulnerabilities - KRACK

2017-10-19 00:00:00

RedHat Update for wpa_supplicant RHSA-2017:2911-01

2017-10-20 00:00:00

CentOS Update for wpa_supplicant CESA-2017:2911 centos6

2017-10-20 00:00:00

centos

wpa_supplicant security update

2017-10-18 16:57:30

wpa_supplicant security update

2017-10-17 21:54:54

redhat

(RHSA-2017:2911) Important: wpa_supplicant security update

2017-10-18 15:43:19

(RHSA-2017:2907) Important: wpa_supplicant security update

2017-10-17 20:14:23

mageia

Updated nonfree firmware packages fixes security vulnerabilities

2018-07-25 11:24:17

Updated wpa_supplicant and hostapd packages fix security vulnerabilities

2017-10-19 21:14:02

chrome

Stable Channel Update for Chrome OS

2017-10-27 00:00:00

oraclelinux

wpa_supplicant security update

2017-10-18 00:00:00

wpa_supplicant security update

2017-10-17 00:00:00

fedora

[SECURITY] Fedora 25 Update: hostapd-2.6-6.fc25

2017-11-15 22:30:40

[SECURITY] Fedora 27 Update: hostapd-2.6-6.fc27

2017-11-15 17:59:04

[SECURITY] Fedora 26 Update: hostapd-2.6-6.fc26

2017-11-15 20:23:27

ibm

Security Bulletin: Vulnerabilities in wpa_supplicant affect PowerKVM (KRACK)

2018-06-18 01:39:24

archlinux

[ASA-201710-22] wpa_supplicant: man-in-the-middle

2017-10-16 00:00:00

[ASA-201710-23] hostapd: man-in-the-middle

2017-10-16 00:00:00

debian

[SECURITY] [DLA 1573-1] firmware-nonfree security update

2018-11-13 01:33:10

[SECURITY] [DSA 3999-1] wpa security update

2017-10-16 09:20:15

[SECURITY] [DLA 1150-1] wpa security update

2017-10-31 14:48:26

nvidia

Security Bulletin: NVIDIA Linux for Tegra (L4T) “KRACK” vulnerabilities

2017-12-20 00:00:00

freebsd_advisory

FreeBSD-SA-17:07.wpa

2017-10-17 00:00:00

fortinet

Key Reinstallation Attacks: Cryptographic/protocol attack against WPA2

2017-10-16 00:00:00

slackware

[slackware-security] wpa_supplicant

2017-10-18 19:36:09

redhatcve

CVE-2017-13077

2019-10-08 10:15:50

hackerone

Internet Bug Bounty: Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse

2017-11-02 22:08:43

intel

One or more Intel Products affected by the Wi-Fi Protected Access II (WPA2) protocol vulnerability

2017-12-07 00:00:00

K23642330 : Multiple WPA2 vulnerabilities (KRACK)

2017-10-17 00:00:00

thn

KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol

2017-10-15 23:21:00

cisco

Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II

2017-10-16 14:00:00

myhack58

KRACK: WPA2 series of vulnerabilities in the event of early warning-vulnerability warning-the black bar safety net

2017-10-18 00:00:00

huawei

Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products

2017-11-17 00:00:00

freebsd

WPA packet number reuse with replayed messages and key reinstallation

2017-10-16 00:00:00

gentoo

hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks

2017-11-10 00:00:00

lenovo

WPA2 Protocol Vulnerabilities - US

2018-12-18 15:12:07

WPA2 Protocol Vulnerabilities - Lenovo Support US

2018-12-18 15:12:07

ubuntu

wpa_supplicant and hostapd vulnerabilities

2017-10-16 00:00:00

cert

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

2017-10-16 00:00:00

suse

Security update for wpa_supplicant (moderate)

2020-11-26 00:00:00

Security update for wpa_supplicant (moderate)

2020-11-27 00:00:00

oracle

Oracle Critical Patch Update - April 2018

2018-04-17 00:00:00

Oracle Critical Patch Update - January 2018

2018-01-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

6.8 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

5.4 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for UB:CVE-2017-13077