Replay Attack Vulnerability in Wi-Fi Protected Access Products by Multiple Vendors
CVE-2017-13088

5.3MEDIUM

Key Information:

Vendor: Wi-fi Alliance
Status: Wi-fi Protected Access (WPa And WPa2)
Vendor: CVE Published:; 17 October 2017

What is CVE-2017-13088?

The vulnerability in Wi-Fi Protected Access (WPA and WPA2) allows unauthorized reinstallation of the Integrity Group Temporal Key (IGTK) due to improper processing of the Wireless Network Management (WNM) Sleep Mode Response frame. An attacker within radio range can exploit this flaw to replay sensitive data frames between access points and clients, potentially leading to network compromise and unauthorized access. It is critical for users to secure their wireless networks against these types of attacks by keeping their firmware updated and employing strong authentication mechanisms.

Affected Version(s)

Wi-Fi Protected Access (WPA and WPA2) WPA

Wi-Fi Protected Access (WPA and WPA2) WPA2

References

http://www.securitytracker.com/id/1039581

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/101274

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2017
Vulnerability Reserved
Aug 22, 2017

Wi-fi Alliance

What is CVE-2017-13088?

Affected Version(s)

References

CVSS V3.1

Timeline