Home

CVE-2017-13078

Description

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.624

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1Mac
client support for WPA and WPA2 (USN-3455-1) hostapd_2.4-0ubuntu9.1_i386.debLinux
client support for WPA and WPA2 (USN-3455-1) hostapd_2.4-0ubuntu9.1_amd64.debLinux
client support for WPA and WPA2 (USN-3455-1) wpasupplicant_2.4-0ubuntu6.2_amd64.debLinux
client support for WPA and WPA2 (USN-3455-1) wpasupplicant_2.4-0ubuntu9.1_i386.debLinux
client support for WPA and WPA2 (USN-3455-1) wpasupplicant_2.4-0ubuntu9.1_amd64.debLinux
Wpa_supplicant security update (CESA-2017:2911) wpa_supplicant-0.7.3-9.el6_9.2.i686.rpmLinux
Wpa_supplicant security update (CESA-2017:2911) wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpmLinux
(RHSA-2017:2907) Important: wpa_supplicant security update wpa_supplicant-2.6-5.el7_4.1.x86_64.rpmLinux
(RHSA-2017:2911) Important: wpa_supplicant security update wpa_supplicant-0.7.3-9.el6_9.2.i686.rpmLinux
(RHSA-2017:2911) Important: wpa_supplicant security update wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpmLinux
SUSE-SU-2017:2745-1(SUSE Linux Enterprise Desktop 12-SP2 ) wpa_supplicant-2.2-15.3.1.x86_64.rpmLinux
SUSE-SU-2017:2745-1(SUSE Linux Enterprise Desktop 12-SP2 ) wpa_supplicant-debuginfo-2.2-15.3.1.x86_64.rpmLinux
SUSE-SU-2017:2745-1(SUSE Linux Enterprise Desktop 12-SP2 ) wpa_supplicant-debugsource-2.2-15.3.1.x86_64.rpmLinux
SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-2.9-23.3.1.x86_64.rpmLinux
SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-debuginfo-2.9-23.3.1.x86_64.rpmLinux
SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-debugsource-2.9-23.3.1.x86_64.rpmLinux
Wpa_supplicant update (ELSA-2017-2911) wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpmLinux
Wpa_supplicant update (ELSA-2017-2911) wpa_supplicant-0.7.3-9.el6_9.2.i686.rpmLinux
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco AnyConnect Secure Mobility ClientNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco IP Phone 8800 SeriesNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Telepresence Integrator C SeriesNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Small Business 300 Series Wireless Access PointsNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Small Business 500 Series Wireless Access PointsNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Aironet 1850 Series Access PointsNCM
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Aironet 3700 Series Access PointsNCM
Use of Insufficiently Random Values Vulnerability (CVE-2017-13078)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1705981Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034)
PATCH-1705974Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2
PATCH-1706043Security Update for Cisco Telepresence Integrator C Series 9.1.1
PATCH-1704913Security Update for Cisco Small Business 300 Series Wireless Access Points 1.0.6.7
PATCH-1704664Security Update for Cisco Small Business 500 Series Wireless Access Points 1.2.1.6
PATCH-1705928Security Update for Cisco Aironet 1850 Series Access Points 8.3(15.136)
PATCH-1705527Security Update for Cisco Aironet 3700 Series Access Points 7.5(102.0)
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601312Security Update 2017-001 macOS High Sierra v10.13.1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234