CVE-2017-13082
8.1
HIGH
CVSS 3.1
EPSS 0.43%
Description
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
How to fix CVE-2017-13082
To remediate CVE-2017-13082, upgrade the affected package to a fixed version below.
- Alpine/hostapd—upgrade to 2.6-r2 or later
- —upgrade to 2.6-r7 or later
- —upgrade to 2:2.4-1.1 or later
Is CVE-2017-13082 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.6-r2
- from 0, < 2.6-r7
- from 0, < 2:2.4-1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.1 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |