Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2017-13081 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, and 7, as CONFIG_IEEE80211W was not enabled.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 8.1 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| Attack Vector | Adjacent Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | wpa_supplicant | Not affected |
| Red Hat Enterprise Linux 6 | wpa_supplicant | Not affected |
| Red Hat Enterprise Linux 5 | wpa_supplicant | Not affected |
Vulmon