Multiple vulnerabilities in ESP-IDF



Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CWE-ID CWE-320
Exploitation vector Local network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #6 is available.
Vulnerable software
Subscribe
ESP-IDF
Server applications / Other server solutions

Vendor Espressif Systems

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Key management errors

EUVDB-ID: #VU8837

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13077

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ESP-IDF: 5.0

CPE2.3 External links

http://github.com/espressif/esp-idf/releases/tag/v5.0.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Key management errors

EUVDB-ID: #VU8838

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13078

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ESP-IDF: 5.0

CPE2.3 External links

http://github.com/espressif/esp-idf/releases/tag/v5.0.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Key management errors

EUVDB-ID: #VU8839

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13079

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ESP-IDF: 5.0

CPE2.3 External links

http://github.com/espressif/esp-idf/releases/tag/v5.0.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Key management errors

EUVDB-ID: #VU8840

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13080

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

The vulnerability is dubbed "KRACK" attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ESP-IDF: 5.0

CPE2.3 External links

http://github.com/espressif/esp-idf/releases/tag/v5.0.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Key management errors

EUVDB-ID: #VU8841

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13081

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ESP-IDF: 5.0

CPE2.3 External links

http://github.com/espressif/esp-idf/releases/tag/v5.0.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Key management errors

EUVDB-ID: #VU8842

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13082

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ESP-IDF: 5.0

CPE2.3 External links

http://github.com/espressif/esp-idf/releases/tag/v5.0.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###