Errata ALT-PU-2017-2445-1: Information
Fixes
Published: Dec. 3, 2014
BDU:2015-07629
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
Links:
Published: Dec. 3, 2014
BDU:2015-07630
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
Links:
Published: Dec. 4, 2014
BDU:2015-09197
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
Links:
Published: Dec. 4, 2014
BDU:2015-09198
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
Links:
Published: June 15, 2015
BDU:2015-12092
Уязвимость операционной системы openSUSE, клиента защищённого доступа Wi-Fi WPA Supplicant, программной точки доступа Jouni Malinen Hostapd, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3)
Links:
Published: June 15, 2015
BDU:2015-12093
Уязвимость UPnP операционной системы openSUSE, клиента защищённого доступа Wi-Fi WPA Supplicant, программной точки доступа Jouni Malinen Hostapd, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3)
Links:
Published: June 15, 2015
BDU:2015-12094
Уязвимость операционной системы openSUSE, клиента защищённого доступа Wi-Fi WPA Supplicant, программной точки доступа Jouni Malinen Hostapd, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.0)
Links:
Published: June 15, 2015
BDU:2015-12095
Уязвимость операционной системы openSUSE, клиента защищённого доступа Wi-Fi WPA Supplicant, программной точки доступа Jouni Malinen Hostapd, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.0)
Links:
Published: Nov. 9, 2015
BDU:2015-12120
Уязвимости клиента защищённого доступа Wi-Fi WPA Supplicant, программной точки доступа Jouni Malinen Hostapd и операционной системы openSUSE, позволяющие нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.0)
Links:
Published: Aug. 28, 2017
BDU:2017-02263
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (pairwise key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9) Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: Aug. 28, 2017
BDU:2017-02264
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9) Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: Aug. 28, 2017
BDU:2017-02265
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (integrity group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9) Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: Aug. 28, 2017
BDU:2017-02266
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9) Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: Aug. 28, 2017
BDU:2017-02267
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (integrity group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9) Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: Aug. 28, 2017
BDU:2017-02268
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (pairwise key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9) Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: Aug. 28, 2017
BDU:2017-02270
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (Tunered Direct Link PeerKey) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9) Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: Aug. 28, 2017
BDU:2017-02271
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9) Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: Aug. 28, 2017
BDU:2017-02272
Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (integrity group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети
Severity: HIGH (7.9) Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: Oct. 16, 2014
Modified: July 27, 2016
Modified: July 27, 2016
CVE-2014-3686
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
Severity: MEDIUM (6.8)
Links:
- 70396
- [oss-security] 20141009 wpa_cli and hostapd_cli action script execution vulnerability
- USN-2383-1
- http://w1.fi/security/2014-1/
- https://bugzilla.redhat.com/show_bug.cgi?id=1151259
- DSA-3052
- 61271
- 60366
- 60428
- openSUSE-SU-2014:1313
- openSUSE-SU-2014:1314
- SUSE-SU-2014:1356
- RHSA-2014:1956
- MDVSA-2015:120
- http://advisories.mageia.org/MGASA-2014-0429.html
- GLSA-201606-17
Published: April 28, 2015
Modified: Oct. 30, 2018
Modified: Oct. 30, 2018
CVE-2015-1863
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.
Severity: MEDIUM (5.8)
Links:
- http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
- DSA-3233
- USN-2577-1
- http://packetstormsecurity.com/files/131598/Android-wpa_supplicant-Heap-Overflow.html
- openSUSE-SU-2015:0813
- 1032192
- 20150424 [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow
- RHSA-2015:1090
- GLSA-201606-17
- 74296
- http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19
- 20150423 [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow
Published: June 15, 2015
Modified: Oct. 30, 2018
Modified: Oct. 30, 2018
CVE-2015-4141
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
Severity: MEDIUM (4.3)
Links:
- openSUSE-SU-2015:1030
- [oss-security] 20150509 CVE request: hostapd/wpa_supplicant - WPS UPnP vulnerability with HTTP chunked transfer encoding
- http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
- [oss-security] 20150531 Re: CVE request: vulnerability in wpa_supplicant and hostapd
- GLSA-201606-17
- DSA-3397
- USN-2650-1
Published: June 15, 2015
Modified: May 17, 2022
Modified: May 17, 2022
CVE-2015-4142
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
Severity: MEDIUM (4.3)
Links:
- openSUSE-SU-2015:1030
- http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
- RHSA-2015:1090
- [oss-security] 20150509 CVE request: hostapd/wpa_supplicant - Integer underflow in AP mode WMM Action frame processing
- [oss-security] 20150531 Re: CVE request: vulnerability in wpa_supplicant and hostapd
- RHSA-2015:1439
- GLSA-201606-17
- 1032625
- FEDORA-2015-cfea96144a
- FEDORA-2015-1521e91178
- FEDORA-2015-6f16b5e39e
- DSA-3397
- USN-2650-1
- https://support.apple.com/kb/HT213258
- 20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5
Published: June 15, 2015
Modified: Oct. 30, 2018
Modified: Oct. 30, 2018
CVE-2015-4143
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
Severity: MEDIUM (5.0)
Links:
Published: June 15, 2015
Modified: Oct. 30, 2018
Modified: Oct. 30, 2018
CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Severity: MEDIUM (5.0)
Links:
Published: June 15, 2015
Modified: Oct. 30, 2018
Modified: Oct. 30, 2018
CVE-2015-4145
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.
Severity: MEDIUM (5.0)
Links:
Published: June 15, 2015
Modified: Oct. 30, 2018
Modified: Oct. 30, 2018
CVE-2015-4146
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Severity: MEDIUM (5.0)
Links:
- openSUSE-SU-2015:1030
- http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
- http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
- [oss-security] 20150509 Re: CVE request: vulnerability in wpa_supplicant and hostapd
- [oss-security] 20150531 Re: CVE request: vulnerability in wpa_supplicant and hostapd
- GLSA-201606-17
- DSA-3397
- USN-2650-1
Published: Feb. 21, 2018
Modified: March 21, 2018
Modified: March 21, 2018
CVE-2015-5314
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Feb. 21, 2018
Modified: March 21, 2018
Modified: March 21, 2018
CVE-2015-5315
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Feb. 21, 2018
Modified: March 21, 2018
Modified: March 21, 2018
CVE-2015-5316
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 9, 2015
Modified: Oct. 30, 2018
Modified: Oct. 30, 2018
CVE-2015-8041
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
Severity: MEDIUM (5.0)
Links:
- http://w1.fi/security/2015-5/incomplete-wps-and-p2p-nfc-ndef-record-payload-length-validation.txt
- https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog
- openSUSE-SU-2015:1920
- [oss-security] 20150708 hostapd/wpa_supplicant - Incomplete WPS and P2P NFC NDEF record payload length validation
- openSUSE-SU-2015:1912
- https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog
- 75604
- DSA-3397
Published: May 9, 2016
Modified: Aug. 12, 2020
Modified: Aug. 12, 2020
CVE-2016-4476
hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 17, 2017
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2017-13077
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
Severity: MEDIUM (6.8) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Links:
- https://www.krackattacks.com/
- VU#228519
- 1039585
- 1039581
- 1039578
- 1039577
- 1039576
- 1039573
- 101274
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- https://support.lenovo.com/us/en/product_security/LEN-17420
- FreeBSD-SA-17:07
- https://access.redhat.com/security/vulnerabilities/kracks
- RHSA-2017:2911
- RHSA-2017:2907
- USN-3455-1
- DSA-3999
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- GLSA-201711-03
- https://support.apple.com/HT208222
- https://support.apple.com/HT208221
- https://support.apple.com/HT208220
- https://support.apple.com/HT208219
- https://source.android.com/security/bulletin/2017-11-01
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://source.android.com/security/bulletin/2018-04-01
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://cert.vde.com/en-us/advisories/vde-2017-003
- https://source.android.com/security/bulletin/2018-06-01
- 1041432
- [debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update
Published: Oct. 17, 2017
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2017-13078
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Links:
- https://www.krackattacks.com/
- VU#228519
- 1039585
- 1039581
- 1039578
- 1039577
- 1039576
- 1039573
- 101274
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- https://support.lenovo.com/us/en/product_security/LEN-17420
- FreeBSD-SA-17:07
- https://access.redhat.com/security/vulnerabilities/kracks
- RHSA-2017:2911
- RHSA-2017:2907
- USN-3455-1
- DSA-3999
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- openSUSE-SU-2017:2755
- SUSE-SU-2017:2752
- SUSE-SU-2017:2745
- GLSA-201711-03
- https://support.apple.com/HT208222
- https://support.apple.com/HT208221
- https://support.apple.com/HT208220
- https://support.apple.com/HT208219
- https://source.android.com/security/bulletin/2017-11-01
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://cert.vde.com/en-us/advisories/vde-2017-003
- [debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update
Published: Oct. 17, 2017
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2017-13079
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Links:
- https://www.krackattacks.com/
- VU#228519
- 1039585
- 1039581
- 1039578
- 1039577
- 1039576
- 1039573
- 101274
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- https://support.lenovo.com/us/en/product_security/LEN-17420
- FreeBSD-SA-17:07
- https://access.redhat.com/security/vulnerabilities/kracks
- USN-3455-1
- DSA-3999
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- openSUSE-SU-2017:2755
- SUSE-SU-2017:2752
- SUSE-SU-2017:2745
- GLSA-201711-03
- https://source.android.com/security/bulletin/2017-11-01
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
- [debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update
Published: Oct. 17, 2017
Modified: Nov. 11, 2020
Modified: Nov. 11, 2020
CVE-2017-13080
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Links:
- https://www.krackattacks.com/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
- VU#228519
- 1039585
- 1039581
- 1039578
- 1039577
- 1039576
- 1039573
- 1039572
- 101274
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- https://support.lenovo.com/us/en/product_security/LEN-17420
- FreeBSD-SA-17:07
- https://access.redhat.com/security/vulnerabilities/kracks
- RHSA-2017:2911
- RHSA-2017:2907
- USN-3455-1
- DSA-3999
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- openSUSE-SU-2017:2755
- SUSE-SU-2017:2752
- SUSE-SU-2017:2745
- 1039703
- GLSA-201711-03
- https://support.apple.com/HT208222
- https://support.apple.com/HT208221
- https://support.apple.com/HT208220
- https://support.apple.com/HT208219
- https://source.android.com/security/bulletin/2017-11-01
- https://support.apple.com/HT208334
- https://support.apple.com/HT208327
- https://support.apple.com/HT208325
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://cert.vde.com/en-us/advisories/vde-2017-003
- [debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
Published: Oct. 17, 2017
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2017-13081
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Links:
- https://www.krackattacks.com/
- VU#228519
- 1039585
- 1039581
- 1039578
- 1039577
- 1039576
- 1039573
- 101274
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- FreeBSD-SA-17:07
- https://access.redhat.com/security/vulnerabilities/kracks
- USN-3455-1
- DSA-3999
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- openSUSE-SU-2017:2755
- SUSE-SU-2017:2752
- SUSE-SU-2017:2745
- GLSA-201711-03
- https://source.android.com/security/bulletin/2017-11-01
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
- [debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update
Published: Oct. 17, 2017
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2017-13082
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
Severity: HIGH (8.1) Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Links:
- https://www.krackattacks.com/
- VU#228519
- 1039581
- 1039573
- 1039571
- 1039570
- 101274
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- https://support.lenovo.com/us/en/product_security/LEN-17420
- FreeBSD-SA-17:07
- https://access.redhat.com/security/vulnerabilities/kracks
- RHSA-2017:2907
- USN-3455-1
- DSA-3999
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- https://github.com/vanhoefm/krackattacks-test-ap-ft
- GLSA-201711-03
- https://source.android.com/security/bulletin/2017-11-01
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
- https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697
- https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02
- openSUSE-SU-2020:0222
Published: Oct. 17, 2017
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2017-13086
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
Severity: MEDIUM (6.8) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Links:
- https://www.krackattacks.com/
- VU#228519
- 1039581
- 1039578
- 1039577
- 1039576
- 1039573
- 101274
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- https://support.lenovo.com/us/en/product_security/LEN-17420
- FreeBSD-SA-17:07
- https://access.redhat.com/security/vulnerabilities/kracks
- RHSA-2017:2907
- USN-3455-1
- DSA-3999
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- GLSA-201711-03
- https://source.android.com/security/bulletin/2017-11-01
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
Published: Oct. 17, 2017
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2017-13087
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Links:
- https://www.krackattacks.com/
- VU#228519
- 1039581
- 1039578
- 1039577
- 1039576
- 1039573
- 101274
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- https://support.lenovo.com/us/en/product_security/LEN-17420
- FreeBSD-SA-17:07
- https://access.redhat.com/security/vulnerabilities/kracks
- RHSA-2017:2911
- RHSA-2017:2907
- USN-3455-1
- DSA-3999
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- openSUSE-SU-2017:2755
- SUSE-SU-2017:2752
- SUSE-SU-2017:2745
- GLSA-201711-03
- https://source.android.com/security/bulletin/2017-11-01
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
Published: Oct. 17, 2017
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2017-13088
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Links:
- https://www.krackattacks.com/
- VU#228519
- 1039581
- 1039578
- 1039577
- 1039576
- 1039573
- 101274
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
- https://support.lenovo.com/us/en/product_security/LEN-17420
- FreeBSD-SA-17:07
- https://access.redhat.com/security/vulnerabilities/kracks
- RHSA-2017:2907
- USN-3455-1
- DSA-3999
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
- openSUSE-SU-2017:2755
- SUSE-SU-2017:2752
- SUSE-SU-2017:2745
- GLSA-201711-03
- https://source.android.com/security/bulletin/2017-11-01
- https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
- https://cert.vde.com/en-us/advisories/vde-2017-005
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html