Main Vulnerability Database SB2017101724

SB2017101724 - Security restrictions bypass in wpa_supplicant

Published: October 17, 2017 Updated: April 30, 2018

Security Bulletin ID SB2017101724

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2017-13080)

The vulnerability allows an adjacent attacker to write arbitrary files on the target system.

The weakness exists due to Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake. An adjacent attacker can replay frames from access points to clients.

Remediation

Install update from vendor's website.

References

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt