{
  "threat_severity" : "Important",
  "public_date" : "2017-10-16T00:00:00Z",
  "bugzilla" : {
    "description" : "wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame",
    "id" : "1500304",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1500304"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-323",
  "details" : [ "Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.", "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake." ],
  "statement" : "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7.",
  "acknowledgement" : "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-10-17T00:00:00Z",
    "advisory" : "RHSA-2017:2907",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "wpa_supplicant-1:2.6-5.el7_4.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "wpa_supplicant",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "wpa_supplicant",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-13088\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13088\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/" ],
  "name" : "CVE-2017-13088",
  "csaw" : false
}