IronMonkey Threat Research

CVE-2017-13086 MEDIUM

Published: 2017-10-17 | Last Modified: 2026-06-17 | Status: Modified

Description

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Additional Descriptions (1)

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the TDLS (Tunneled Direct-Link Setup) Peer Key (TPK) during the TDLS negotiation, allowing an attacker positioned within radio range to replay, decrypt, or spoof frames.

CVSS Metrics

Base Score: 5.4 (MEDIUM)

AV:A/AC:M/Au:N/C:P/I:P/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 5.5

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Secondary CWE-323 (en)
[email protected] Primary CWE-330 (en)

Affected Products

Vendor Product Version Update Type
canonical ubuntu_linux 14.04 * Operating System
canonical ubuntu_linux 16.04 * Operating System
canonical ubuntu_linux 17.04 * Operating System
debian debian_linux 8.0 * Operating System
debian debian_linux 9.0 * Operating System
freebsd freebsd * * Operating System
freebsd freebsd 10 * Operating System
freebsd freebsd 10.4 * Operating System
freebsd freebsd 11 * Operating System
freebsd freebsd 11.1 * Operating System
opensuse leap 42.2 * Operating System
opensuse leap 42.3 * Operating System
redhat enterprise_linux_desktop 7 * Operating System
redhat enterprise_linux_server 7 * Operating System
w1.fi hostapd 0.2.4 * Application
w1.fi hostapd 0.2.5 * Application
w1.fi hostapd 0.2.6 * Application
w1.fi hostapd 0.2.8 * Application
w1.fi hostapd 0.3.7 * Application
w1.fi hostapd 0.3.9 * Application
w1.fi hostapd 0.3.10 * Application
w1.fi hostapd 0.3.11 * Application
w1.fi hostapd 0.4.7 * Application
w1.fi hostapd 0.4.8 * Application
w1.fi hostapd 0.4.9 * Application
w1.fi hostapd 0.4.10 * Application
w1.fi hostapd 0.4.11 * Application
w1.fi hostapd 0.5.7 * Application
w1.fi hostapd 0.5.8 * Application
w1.fi hostapd 0.5.9 * Application
w1.fi hostapd 0.5.10 * Application
w1.fi hostapd 0.5.11 * Application
w1.fi hostapd 0.6.8 * Application
w1.fi hostapd 0.6.9 * Application
w1.fi hostapd 0.6.10 * Application
w1.fi hostapd 0.7.3 * Application
w1.fi hostapd 1.0 * Application
w1.fi hostapd 1.1 * Application
w1.fi hostapd 2.0 * Application
w1.fi hostapd 2.1 * Application
w1.fi hostapd 2.2 * Application
w1.fi hostapd 2.3 * Application
w1.fi hostapd 2.4 * Application
w1.fi hostapd 2.5 * Application
w1.fi hostapd 2.6 * Application
w1.fi wpa_supplicant 0.2.4 * Application
w1.fi wpa_supplicant 0.2.5 * Application
w1.fi wpa_supplicant 0.2.6 * Application
w1.fi wpa_supplicant 0.2.7 * Application
w1.fi wpa_supplicant 0.2.8 * Application
w1.fi wpa_supplicant 0.3.7 * Application
w1.fi wpa_supplicant 0.3.8 * Application
w1.fi wpa_supplicant 0.3.9 * Application
w1.fi wpa_supplicant 0.3.10 * Application
w1.fi wpa_supplicant 0.3.11 * Application
w1.fi wpa_supplicant 0.4.7 * Application
w1.fi wpa_supplicant 0.4.8 * Application
w1.fi wpa_supplicant 0.4.9 * Application
w1.fi wpa_supplicant 0.4.10 * Application
w1.fi wpa_supplicant 0.4.11 * Application
w1.fi wpa_supplicant 0.5.7 * Application
w1.fi wpa_supplicant 0.5.8 * Application
w1.fi wpa_supplicant 0.5.9 * Application
w1.fi wpa_supplicant 0.5.10 * Application
w1.fi wpa_supplicant 0.5.11 * Application
w1.fi wpa_supplicant 0.6.8 * Application
w1.fi wpa_supplicant 0.6.9 * Application
w1.fi wpa_supplicant 0.6.10 * Application
w1.fi wpa_supplicant 0.7.3 * Application
w1.fi wpa_supplicant 1.0 * Application
w1.fi wpa_supplicant 1.1 * Application
w1.fi wpa_supplicant 2.0 * Application
w1.fi wpa_supplicant 2.1 * Application
w1.fi wpa_supplicant 2.2 * Application
w1.fi wpa_supplicant 2.3 * Application
w1.fi wpa_supplicant 2.4 * Application
w1.fi wpa_supplicant 2.5 * Application
w1.fi wpa_supplicant 2.6 * Application
suse linux_enterprise_desktop 12 sp2 Operating System
suse linux_enterprise_desktop 12 sp3 Operating System
suse linux_enterprise_point_of_sale 11 sp3 Operating System
suse linux_enterprise_server 11 sp3 Operating System
suse linux_enterprise_server 11 sp4 Operating System
suse linux_enterprise_server 12 * Operating System
suse openstack_cloud 6 * Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*
Yes cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*
Yes cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*
Yes cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
Yes cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
Yes cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*
Yes cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*
Yes cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
Yes cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*
Yes cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*

References
