Researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, identified a series of vulnerabilities that affect the Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) standards.
These vulnerabilities are protocol-level vulnerabilities that affect a number of industry implementations of the standard in wireless infrastructure devices and wireless clients. The paper is available through the following link: https://papers.mathyvanhoef.com/ccs2017.pdf
An attacker within range of an affected wireless access point (AP) and client may leverage these vulnerabilities to conduct attacks using susceptible data confidentiality protocols.
The following Common Vulnerability and Exposure (CVE) identifiers have been assigned to each of these vulnerabilities:
CVE-2017-13077 reinstallation of the pairwise key in the 4-way handshake
CVE-2017-13078 reinstallation of the group key in the 4-way handshake
CVE-2017-13079 reinstallation of the integrity group key in the 4-way handshake
CVE-2017-13080 reinstallation of the group key in the group key handshake
CVE-2017-13081 reinstallation of the integrity group key in the group key handshake
CVE-2017-13082 Accepting a retransmitted FT Re-association Request and reinstalling the pairwise key while processing it
CVE-2017-13084 reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086 Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087 Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088 Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
These vulnerabilities can be grouped into two categories: those that affect wireless endpoints acting as a “supplicant” and those that affect wireless infrastructure devices acting as "authenticators". Successful exploitation of these vulnerabilities could, depending on the specific device configuration, allow unauthenticated attackers to perform packet replays, decrypt wireless packets, and potentially forge or inject packets into a wireless network. The attacks manipulate retransmissions of handshake messages.
CVEs relevant to Intel® Products and Technologies are:
CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13081
Intel has identified the following Products and Technologies as affected by a subset of these CVE IDs: