D
DelJo63
The following CVE IDs have been assigned to document these vulnerabilities in the WPA2 protocol:
For a detailed description of these issues, refer to the researcher's website and paper.
Impact
An attacker within the wireless communications range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocol being used. Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.
Solution
Install Updates
The WPA2 protocol is ubiquitous in wireless networking. The vulnerabilities described here are in the standard itself as opposed to individual implementations thereof; as such, any correct implementation is likely affected. Users are encouraged to install updates to affected products and hosts as they are available. For information about a specific vendor or product, check the Vendor Information section of this document or contact the vendor directly. Note that the vendor list below is not exhaustive.
Vendor Information (Learn More)
Vendor Status Date Notified Date Updated
see https://www.kb.cert.org/vuls/id/228519 for details
- CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
- CVE-2017-13078: reinstallation of the group key in the Four-way handshake
- CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
- CVE-2017-13080: reinstallation of the group key in the Group Key handshake
- CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
- CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
- CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
- CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
- CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
- CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
For a detailed description of these issues, refer to the researcher's website and paper.
Impact
An attacker within the wireless communications range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocol being used. Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.
Solution
Install Updates
The WPA2 protocol is ubiquitous in wireless networking. The vulnerabilities described here are in the standard itself as opposed to individual implementations thereof; as such, any correct implementation is likely affected. Users are encouraged to install updates to affected products and hosts as they are available. For information about a specific vendor or product, check the Vendor Information section of this document or contact the vendor directly. Note that the vendor list below is not exhaustive.
Vendor Information (Learn More)
Vendor Status Date Notified Date Updated
- Aruba Networks Affected 28 Aug 2017 09 Oct 2017
- Cisco Affected 28 Aug 2017 16 Oct 2017
- Espressif Systems Affected 22 Sep 2017 13 Oct 2017
- Fortinet, Inc. Affected 28 Aug 2017 16 Oct 2017
- FreeBSD Project Affected 28 Aug 2017 12 Oct 2017
- Google Affected 28 Aug 2017 16 Oct 2017
- HostAP Affected 30 Aug 2017 16 Oct 2017
- Intel Corporation Affected 28 Aug 2017 10 Oct 2017
- Juniper Networks Affected 28 Aug 2017 16 Oct 2017
- Microchip Technology Affected 28 Aug 2017 16 Oct 2017
- Microsoft Corporation Affected 28 Aug 2017 16 Oct 2017
- OpenBSD Affected 28 Aug 2017 16 Oct 2017
- Peplink Affected 28 Aug 2017 16 Oct 2017
- Red Hat, Inc. Affected 28 Aug 2017 04 Oct 2017
- Samsung Mobile Affected 28 Aug 2017 12 Oct 2017
see https://www.kb.cert.org/vuls/id/228519 for details
