CVE-2017-13088

Summary

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Affected Software

VendorProductVersion RangeStatus
Wi-Fi AllianceWi-Fi Protected Access (WPA and WPA2)WPAaffected
Wi-Fi AllianceWi-Fi Protected Access (WPA and WPA2)WPA2affected

Weaknesses

  • CWE-323: CWE-323: Reusing a Nonce, Key Pair in Encryption

ADP Enrichment

CVE Program Container

Additional References

References