WPA and WPA2 Vulnerability in Fast BSS Transition for Wi-Fi Networks
CVE-2017-13082

8.1HIGH

Key Information:

Vendor: Wi-fi Alliance
Status: Wi-fi Protected Access (WPa And WPa2)
Vendor: CVE Published:; 17 October 2017

What is CVE-2017-13082?

A vulnerability exists in the Fast BSS Transition (FT) process of Wi-Fi Protected Access (WPA and WPA2) that permits an attacker within radio range to initiate a reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the handshake process. This flaw enables potential replay attacks, allowing unauthorized users to decrypt or spoof frames as they traverse the wireless network.

Affected Version(s)

Wi-Fi Protected Access (WPA and WPA2) WPA

Wi-Fi Protected Access (WPA and WPA2) WPA2

References

http://www.securitytracker.com/id/1039581

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/101274

vdb-entryx_refsource_BID

https://rockwellautomation.custhelp.com/app/answers/detai...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2017
Vulnerability Reserved
Aug 22, 2017

Wi-fi Alliance

What is CVE-2017-13082?

Affected Version(s)

References

CVSS V3.1

Timeline