#VU8847 Key management errors


Published: 2017-10-17 | Updated: 2017-10-17

Vulnerability identifier: #VU8847

Vulnerability risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13088

CWE-ID: CWE-320

Exploitation vector: Local network

Exploit availability: No

Description
The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.

External links
http://www.krackattacks.com/
http://papers.mathyvanhoef.com/ccs2017.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


SUSE update for wpa_supplicant
Key management errors in busybox (Alpine package)
Gentoo update for hostapd and wpa_supplicant
OpenSUSE Linux update for hostapd
Multiple vulnerabilities in Rockwell Automation Stratix 5100
Slackware Linux update for wpa_supplicant
OpenSUSE Linux update for wpa
Debian update for wpa
FreeBSD update for WPA2 protocol
SUSE Linux update for wpa