Cyber Resilience

CVE-2017-13077

Medium

Published: 17 October 2017

Modified: 20 April 2025
KEV Added
Patch
CVSS v3 Score: 6.8 (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0239 (81.8th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2017-13077 is a medium-severity Use of Insufficiently Random Values (CWE-330) vulnerability in W1.Fi Wpa Supplicant. Its CVSS base score is 6.8 (Medium).

Operationally, it ranks in the top 18.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

CVEs Like This One

CVE-2007-1285: Same product: Canonical Ubuntu Linux
CVE-2026-27515: Shared CWE-330
CVE-2026-27755: Shared CWE-330
CVE-2026-50208: Shared CWE-330
CVE-2025-64097: Shared CWE-330
CVE-2026-20101: Shared CWE-330
CVE-2026-27637: Shared CWE-330
CVE-2024-51346: Shared CWE-330
CVE-2025-68704: Shared CWE-330
CVE-2024-48928: Shared CWE-330

Affected Assets

Vendor | Product | Versions
canonical | ubuntu linux | 14.04, 16.04, 17.04
debian | debian linux | 8.0, 9.0
freebsd | freebsd | 10, 10.4, 11, 11.1, all versions
opensuse | leap | 42.2, 42.3
redhat | enterprise linux desktop | 7
redhat | enterprise linux server | 7
w1.fi | hostapd | 0.2.4, 0.2.5, 0.2.6, 0.2.8, 0.3.10
w1.fi | wpa supplicant | 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8
suse | linux enterprise desktop | 12
suse | linux enterprise point of sale | 11
+2 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-330

Key generation under controlled management uses approved random-bit sources rather than insufficiently random values.
