#VU9591 Security restrictions bypass in wpa_supplicant - CVE-2017-13080
Published: December 8, 2017 / Updated: April 30, 2018
Vulnerability identifier: #VU9591
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-13080
CWE-ID: CWE-264
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
wpa_supplicant
wpa_supplicant
Software vendor:
Jouni Malinen
Jouni Malinen
Description
The vulnerability allows an adjacent attacker to write arbitrary files on the target system.
The weakness exists due to Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake. An adjacent attacker can replay frames from access points to clients.
The weakness exists due to Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake. An adjacent attacker can replay frames from access points to clients.
Remediation
Install update from vendor's website.