Home

CVE-2017-13077

Description

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Risk Information

Base Score
6.8
MODERATE
Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.375

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2017-13077,CVE-2017-15397,CVE-2017-15400,CVE-2017-15401,CVE-2017-15402 are fixed in Chrome (x64) 62.0.3202.74Windows
Vulnerabilities CVE-2017-13077,CVE-2017-15397,CVE-2017-15400,CVE-2017-15401,CVE-2017-15402 are fixed in Chrome 62.0.3202.74Windows
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1Mac
client support for WPA and WPA2 (USN-3455-1) hostapd_2.1-0ubuntu1.6_amd64.debLinux
client support for WPA and WPA2 (USN-3455-1) hostapd_2.1-0ubuntu1.6_i386.debLinux
client support for WPA and WPA2 (USN-3455-1) hostapd_2.4-0ubuntu6.3_amd64.debLinux
client support for WPA and WPA2 (USN-3455-1) hostapd_2.4-0ubuntu6.3_i386.debLinux
client support for WPA and WPA2 (USN-3455-1) hostapd_2.4-0ubuntu9.1_i386.debLinux
client support for WPA and WPA2 (USN-3455-1) hostapd_2.4-0ubuntu9.1_amd64.debLinux
client support for WPA and WPA2 (USN-3455-1) wpasupplicant_2.1-0ubuntu1.6_amd64.debLinux
client support for WPA and WPA2 (USN-3455-1) wpasupplicant_2.1-0ubuntu1.6_i386.debLinux
client support for WPA and WPA2 (USN-3455-1) wpasupplicant_2.4-0ubuntu6.3_amd64.debLinux
client support for WPA and WPA2 (USN-3455-1) wpasupplicant_2.4-0ubuntu6.2_amd64.debLinux
client support for WPA and WPA2 (USN-3455-1) wpasupplicant_2.4-0ubuntu9.1_i386.debLinux
client support for WPA and WPA2 (USN-3455-1) wpasupplicant_2.4-0ubuntu9.1_amd64.debLinux
Wpa_supplicant security update (CESA-2017:2911) wpa_supplicant-0.7.3-9.el6_9.2.i686.rpmLinux
Wpa_supplicant security update (CESA-2017:2911) wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpmLinux
(RHSA-2017:2907) Important: wpa_supplicant security update wpa_supplicant-2.6-5.el7_4.1.x86_64.rpmLinux
(RHSA-2017:2911) Important: wpa_supplicant security update wpa_supplicant-0.7.3-9.el6_9.2.i686.rpmLinux
(RHSA-2017:2911) Important: wpa_supplicant security update wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpmLinux
SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-2.9-23.3.1.x86_64.rpmLinux
SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-debuginfo-2.9-23.3.1.x86_64.rpmLinux
SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-debugsource-2.9-23.3.1.x86_64.rpmLinux
Wpa_supplicant update (ELSA-2017-2911) wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpmLinux
Wpa_supplicant update (ELSA-2017-2911) wpa_supplicant-0.7.3-9.el6_9.2.i686.rpmLinux
Vulnerabilities CVE-2017-13077,CVE-2017-15397,CVE-2017-15400,CVE-2017-15401,CVE-2017-15402 are fixed in Chrome 62.0.3202.74 (For Debian)Linux
Vulnerabilities CVE-2017-13077,CVE-2017-15397,CVE-2017-15400,CVE-2017-15401,CVE-2017-15402 are fixed in Chrome 62.0.3202.74 (For Centos)Linux
Vulnerabilities CVE-2017-13077,CVE-2017-15397,CVE-2017-15400,CVE-2017-15401,CVE-2017-15402 are fixed in Chrome 62.0.3202.74 (For RedHat)Linux
Vulnerabilities CVE-2017-13077,CVE-2017-15397,CVE-2017-15400,CVE-2017-15401,CVE-2017-15402 are fixed in Chrome 62.0.3202.74 (For Suse)Linux
Vulnerabilities CVE-2017-13077,CVE-2017-15397,CVE-2017-15400,CVE-2017-15401,CVE-2017-15402 are fixed in Chrome 62.0.3202.74 (For Ubuntu)Linux
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco AnyConnect Secure Mobility ClientNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco IP Phone 8800 SeriesNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Telepresence Integrator C SeriesNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Small Business 300 Series Wireless Access PointsNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Small Business 500 Series Wireless Access PointsNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Aironet 1850 Series Access PointsNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Aironet 3700 Series Access PointsNCM
Use of Insufficiently Random Values Vulnerability (CVE-2017-13077)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-313162Google Chrome (x64) (80.0.3987.132)
PATCH-313161Google Chrome (80.0.3987.132)
PATCH-1705981Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034)
PATCH-1705974Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2
PATCH-1706043Security Update for Cisco Telepresence Integrator C Series 9.1.1
PATCH-1704913Security Update for Cisco Small Business 300 Series Wireless Access Points 1.0.6.7
PATCH-1704664Security Update for Cisco Small Business 500 Series Wireless Access Points 1.2.1.6
PATCH-1705928Security Update for Cisco Aironet 1850 Series Access Points 8.3(15.136)
PATCH-1705527Security Update for Cisco Aironet 3700 Series Access Points 7.5(102.0)
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601312Security Update 2017-001 macOS High Sierra v10.13.1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234