Vulnerability identifier: #VU9591
Vulnerability risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
wpa_supplicant
Server applications /
Encryption software
Vendor: Jouni Malinen
Description
The vulnerability allows an adjacent attacker to write arbitrary files on the target system.
The weakness exists due to Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake. An adjacent attacker can replay frames from access points to clients.
Mitigation
Install update from vendor's website.
Vulnerable software versions
wpa_supplicant: 2.0.0 - 2.6
External links
http://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.