Wi-Fi Protected Access Vulnerability in Various Networking Products
CVE-2017-13080

5.3MEDIUM

Key Information:

Vendor

Wi-fi Alliance

Status
Wi-fi Protected Access (WPa And WPa2)
Vendor
CVE Published:
17 October 2017

What is CVE-2017-13080?

This vulnerability arises from a flaw in the Wi-Fi Protected Access (WPA and WPA2) protocols, enabling the reinstallation of the Group Temporal Key (GTK). An attacker within radio range can exploit this weakness to replay frames between access points and clients, potentially intercepting sensitive data. This presents a significant security risk to users of affected networking devices, allowing unauthorized access to network traffic and facilitating further attacks.

Affected Version(s)

Wi-Fi Protected Access (WPA and WPA2) WPA

Wi-Fi Protected Access (WPA and WPA2) WPA2

References

http://www.securitytracker.com/id/1039581
vdb-entryx_refsource_SECTRACK
https://support.apple.com/HT208221
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101274
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.