Vulnerability in Wi-Fi Protected Access (WPA and WPA2) by Cisco Systems
CVE-2017-13077

6.8MEDIUM

Key Information:

Vendor: Wi-fi Alliance
Status: Wi-fi Protected Access (WPa And WPa2)
Vendor: CVE Published:; 17 October 2017

What is CVE-2017-13077?

The Wi-Fi Protected Access (WPA and WPA2) protocols exhibit a vulnerability that allows an attacker within the radio range to exploit weaknesses during the four-way handshake. By enabling reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK), an adversary can replay, decrypt, or spoof network frames, jeopardizing the confidentiality and integrity of the data transmitted over Wi-Fi networks. This security flaw necessitates immediate action to mitigate risks associated with unauthorized access and exploitation.

Affected Version(s)

Wi-Fi Protected Access (WPA and WPA2) WPA

Wi-Fi Protected Access (WPA and WPA2) WPA2

References

http://www.securitytracker.com/id/1039581

vdb-entryx_refsource_SECTRACK

https://support.apple.com/HT208221

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101274

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2017
Vulnerability Reserved
Aug 22, 2017

Wi-fi Alliance

What is CVE-2017-13077?

Affected Version(s)

References

CVSS V3.1

Timeline