CVE-2017-13080

ENISA EUVD: EUVD-2017-4598 ↗

✓ Confirmed 0-Day

Triaged: March 5, 2026 4 articles Published: 2017-10-17

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.82%

probability

This CVE has a 0.82% probability of being exploited in the next 30 days.

0% Top 74.6th percentile of all CVEs 100%

CVSS v3.0

Source: NVD

5.3

MEDIUM

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2 (legacy)

2.9

LOW

Access Vector

Adjacent Network

Access Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

AV:A/AC:M/Au:N/C:N/I:P/A:N

Description

VulnerabilityLookup (CNA)

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

Affected Products

Wi-Fi Alliance

Wi-Fi Protected Access (WPA and WPA2)

WPA WPA2

canonical

ubuntu linux

debian

debian linux

freebsd

opensuse

leap

redhat

enterprise linux desktop

Wi-Fi Alliance

Wi-Fi Protected Access (WPA and WPA2)

WPA

Wi-Fi Alliance

Wi-Fi Protected Access (WPA and WPA2)

WPA2

Attack Intelligence

CWE-323 · Reusing a Nonce, Key Pair in Encryption CWE-330 · Use of Insufficiently Random Values CWE-344 CWE-693 · Protection Mechanism Failure

http://www.securitytracker.com/id/1039581

vdb-entry x_refsource_SECTRACK

https://support.apple.com/HT208221

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101274

vdb-entry x_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html

vendor-advisory x_refsource_SUSE

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

mailing-list x_refsource_MLIST

Signal Intelligence

Confidenceⓘ

95%

EPSS 0.82%

CVSS v3.0 5.3

Mentions 4

Last Seen Nov 14, 2017

CNA Information

CNA Assigner

certcc

Analyst Note

CVE-2017-13080 is part of the KRACK (Key Reinstallation Attacks) vulnerability disclosure, which was actively exploited in the wild and publicly disclosed on October 16-17, 2017. Exploitation occurred simultaneously with public disclosure, and patches were being released concurrently by major vendors (Apple, Microsoft, Linux, etc.), meeting the zero-day criteria of in-the-wild exploitation preceding or coinciding with patch availability.

Triage Info

Decided atMar 05, 2026

Published DateOct 17, 2017