Vulnerability identifier: #VU9591

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13080

CWE-ID: CWE-264

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
wpa_supplicant
Server applications / Encryption software

Vendor: Jouni Malinen

Description
The vulnerability allows an adjacent attacker to write arbitrary files on the target system.

The weakness exists due to Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake. An adjacent attacker can replay frames from access points to clients.

Mitigation
Install update from vendor's website.

Vulnerable software versions

wpa_supplicant: 2.0.0 - 2.6

---

External links
http://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.