CVE-2017-13077

ENISA EUVD: EUVD-2017-4595 ↗
✓ Confirmed 0-Day
Triaged: March 5, 2026 2 articles Published: 2017-10-17
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.66%
probability
This CVE has a 0.66% probability of being exploited in the next 30 days.
0% Top 71.4th percentile of all CVEs 100%

CVSS v3.0

Source: NVD
6.8
MEDIUM
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2 (legacy)

5.4
MEDIUM
Access Vector
Adjacent Network
Access Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
AV:A/AC:M/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Affected Products

Wi-Fi Alliance
Wi-Fi Protected Access (WPA and WPA2)
WPA WPA2

Attack Intelligence

Signal Intelligence

Confidence
95%
EPSS 0.66%
CVSS v3.0 6.8
Mentions 2
Last Seen Oct 17, 2017

CNA Information

CNA Assigner
certcc

Analyst Note

CVE-2017-13077 is part of the KRACK (Key Reinstallation Attacks) disclosure, a watershed vulnerability in WPA2 affecting billions of devices. The attack was demonstrated in the wild and publicly disclosed on 2017-10-16 by researchers, with vendors simultaneously releasing patches. This is a textbook zero-day: exploitation demonstrated before/concurrent with patch availability in October 2017.

Triage Info

Decided atMar 05, 2026
Published DateOct 17, 2017