CVE-2017-13088

UNKNOWN

Published 2017-10-17T13:00:00

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-13088. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Wi-Fi Alliance

Wi-Fi Protected Access (WPA and WPA2)

Affected Versions:

WPA WPA2

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-qvr8-f9g3-wv5x

Advisory Details

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-13088

WEB https://access.redhat.com/errata/RHSA-2017:2907

WEB https://access.redhat.com/security/vulnerabilities/kracks

WEB https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

WEB https://cert.vde.com/en-us/advisories/vde-2017-005

WEB https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc

WEB https://security.gentoo.org/glsa/201711-03

WEB https://source.android.com/security/bulletin/2017-11-01

WEB https://support.lenovo.com/us/en/product_security/LEN-17420

WEB https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

WEB https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

WEB https://www.krackattacks.com

WEB http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html

WEB http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

WEB http://www.debian.org/security/2017/dsa-3999

WEB http://www.kb.cert.org/vuls/id/228519

WEB http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

WEB http://www.securityfocus.com/bid/101274

WEB http://www.securitytracker.com/id/1039573

WEB http://www.securitytracker.com/id/1039576

WEB http://www.securitytracker.com/id/1039577

WEB http://www.securitytracker.com/id/1039578

WEB http://www.securitytracker.com/id/1039581

WEB http://www.ubuntu.com/usn/USN-3455-1

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: April 20, 2025

References

http://www.securitytracker.com/id/1039581

http://www.securityfocus.com/bid/101274

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html

http://www.debian.org/security/2017/dsa-3999

http://www.securitytracker.com/id/1039578

https://access.redhat.com/security/vulnerabilities/kracks

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

http://www.securitytracker.com/id/1039577

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html

https://source.android.com/security/bulletin/2017-11-01

https://security.gentoo.org/glsa/201711-03

https://access.redhat.com/errata/RHSA-2017:2907

https://support.lenovo.com/us/en/product_security/LEN-17420

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc

https://www.krackattacks.com/

http://www.securitytracker.com/id/1039573

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html

http://www.securitytracker.com/id/1039576

http://www.kb.cert.org/vuls/id/228519

https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf

https://cert.vde.com/en-us/advisories/vde-2017-005

http://www.ubuntu.com/usn/USN-3455-1

HackerOne Reports

Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse Medium

vanhoefm

Internet Bug Bounty

Reusing a Nonce, Key Pair in Encryption

View Report

Published: 2017-10-17T13:00:00

Last Modified: 2024-08-05T18:58:12.471Z

Copied to clipboard!

CVE-2017-13088

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Wi-Fi Protected Access (WPA and WPA2)

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

HackerOne Reports

Request Analysis

What to expect

Request Received!