Wi-Fi Protected Access Vulnerability in WPA and WPA2 Products
CVE-2017-13086

6.8MEDIUM

Key Information:

Vendor

Wi-fi Alliance

Status
Wi-fi Protected Access (WPa And WPa2)
Vendor
CVE Published:
17 October 2017

What is CVE-2017-13086?

The vulnerability in Wi-Fi Protected Access (WPA) and WPA2 arises during the Tunneled Direct-Link Setup (TDLS) handshake, which allows attackers within radio range to exploit key reinstallation. This flaw enables an unauthorized user to replay, decrypt, or spoof network frames, potentially compromising the integrity and confidentiality of data transmitted over the network.

Affected Version(s)

Wi-Fi Protected Access (WPA and WPA2) WPA

Wi-Fi Protected Access (WPA and WPA2) WPA2

References

http://www.securitytracker.com/id/1039581
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101274
vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3999
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.