CVE-2017-13086
Description
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
Risk Information
Base Score
6.8
MODERATE
Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.254
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2017:2907) Important: wpa_supplicant security update wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-2.9-23.3.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-debuginfo-2.9-23.3.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-debugsource-2.9-23.3.1.x86_64.rpm | Linux |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco AnyConnect Secure Mobility Client | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco IP Phone 8800 Series | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Telepresence Integrator C Series | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Small Business 300 Series Wireless Access Points | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Small Business 500 Series Wireless Access Points | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Aironet 1850 Series Access Points | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Aironet 3700 Series Access Points | NCM |
| Use of Insufficiently Random Values Vulnerability (CVE-2017-13086) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705981 | Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034) |
| PATCH-1705974 | Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2 |
| PATCH-1706043 | Security Update for Cisco Telepresence Integrator C Series 9.1.1 |
| PATCH-1704913 | Security Update for Cisco Small Business 300 Series Wireless Access Points 1.0.6.7 |
| PATCH-1704664 | Security Update for Cisco Small Business 500 Series Wireless Access Points 1.2.1.6 |
| PATCH-1705928 | Security Update for Cisco Aironet 1850 Series Access Points 8.3(15.136) |
| PATCH-1705527 | Security Update for Cisco Aironet 3700 Series Access Points 7.5(102.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234