CVE-2017-13087
Description
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.216
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Wpa_supplicant security update (CESA-2017:2911) wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm | Linux |
| Wpa_supplicant security update (CESA-2017:2911) wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm | Linux |
| (RHSA-2017:2911) Important: wpa_supplicant security update wpa_supplicant-0.7.3-9.el6_9.2.i686.rpm | Linux |
| (RHSA-2017:2911) Important: wpa_supplicant security update wpa_supplicant-0.7.3-9.el6_9.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-2.9-23.3.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-debuginfo-2.9-23.3.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3424-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-debugsource-2.9-23.3.1.x86_64.rpm | Linux |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco AnyConnect Secure Mobility Client | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco IP Phone 8800 Series | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Telepresence Integrator C Series | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Small Business 300 Series Wireless Access Points | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Small Business 500 Series Wireless Access Points | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Aironet 1850 Series Access Points | NCM |
| Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II For Cisco Aironet 3700 Series Access Points | NCM |
| Use of Insufficiently Random Values Vulnerability (CVE-2017-13087) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705981 | Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034) |
| PATCH-1705974 | Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2 |
| PATCH-1706043 | Security Update for Cisco Telepresence Integrator C Series 9.1.1 |
| PATCH-1704913 | Security Update for Cisco Small Business 300 Series Wireless Access Points 1.0.6.7 |
| PATCH-1704664 | Security Update for Cisco Small Business 500 Series Wireless Access Points 1.2.1.6 |
| PATCH-1705928 | Security Update for Cisco Aironet 1850 Series Access Points 8.3(15.136) |
| PATCH-1705527 | Security Update for Cisco Aironet 3700 Series Access Points 7.5(102.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234