Wi-Fi Protected Access Vulnerability in Various Networking Products
CVE-2017-13080

5.3MEDIUM

Key Information:

Vendor: Wi-fi Alliance
Status: Wi-fi Protected Access (WPa And WPa2)
Vendor: CVE Published:; 17 October 2017

What is CVE-2017-13080?

This vulnerability arises from a flaw in the Wi-Fi Protected Access (WPA and WPA2) protocols, enabling the reinstallation of the Group Temporal Key (GTK). An attacker within radio range can exploit this weakness to replay frames between access points and clients, potentially intercepting sensitive data. This presents a significant security risk to users of affected networking devices, allowing unauthorized access to network traffic and facilitating further attacks.

Affected Version(s)

Wi-Fi Protected Access (WPA and WPA2) WPA

Wi-Fi Protected Access (WPA and WPA2) WPA2

References

http://www.securitytracker.com/id/1039581

vdb-entryx_refsource_SECTRACK

https://support.apple.com/HT208221

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101274

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2017
Vulnerability Reserved
Aug 22, 2017

Wi-fi Alliance

What is CVE-2017-13080?

Affected Version(s)

References

CVSS V3.1

Timeline