Details of VAR-200811-0398

ID

VAR-200811-0398

CVE

CVE-2008-5230

TITLE

Of unspecified Cisco products and other vendor products TKIP Packet decryption in / Impersonation and ARP Vulnerability such as performing poisoning

Trust: 0.8

sources: JVNDB: JVNDB-2008-002386

DESCRIPTION

The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng. Wi-Fi Protected Access (WPA) Encryption Standard is prone to an encryption-bypass vulnerability that affects the Temporal Key Integrity Protocol (TKIP) key. Attackers can exploit this issue to overcome the WPA encryption algorithm and read encrypted data sent from a wireless router to a computer. This may allow attackers to obtain potentially sensitive information; other attacks are also possible. If a remote attacker sends a specially crafted playback message, it may be easier to crack the client's packets, and then perform ARP spoofing or other attacks. Please note that this attack is not a key recovery attack. The attacker can only recover the key used to authenticate the message but not the key used to encrypt and obfuscate data, and can only use the recovered key to forge captured packets. Wen, with a window of opportunity of up to 7 attempts. Each attack can only decrypt one message, and the time spent is about 12-15 minutes

Trust: 1.98

sources: NVD: CVE-2008-5230 // JVNDB: JVNDB-2008-002386 // BID: 32164 // VULHUB: VHN-35355

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	ios	scope:	eq	version:	*	Trust: 1.0
vendor:	wi fi	model:	alliance wpa	scope:	eq	version:	0	Trust: 0.3

sources: BID: 32164 // JVNDB: JVNDB-2008-002386 // CNNVD: CNNVD-200811-401 // NVD: CVE-2008-5230

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-5230
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-5230
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200811-401
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-35355
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-5230
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-35355
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-35355 // JVNDB: JVNDB-2008-002386 // CNNVD: CNNVD-200811-401 // NVD: CVE-2008-5230

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-35355 // JVNDB: JVNDB-2008-002386 // NVD: CVE-2008-5230

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200811-401

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200811-401

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002386

PATCH

title:

cisco-sr-20081121-wpa

url:

http://www.cisco.com/warp/public/707/cisco-sr-20081121-wpa.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2008-002386

EXTERNAL IDS

db:	NVD	id:	CVE-2008-5230	Trust: 2.8
db:	BID	id:	32164	Trust: 2.0
db:	JVNDB	id:	JVNDB-2008-002386	Trust: 0.8
db:	CNNVD	id:	CNNVD-200811-401	Trust: 0.7
db:	CISCO	id:	20081121 CISCO RESPONSE TO TKIP ENCRYPTION WEAKNESS	Trust: 0.6
db:	MLIST	id:	[DAILYDAVE] 20081107 ALL UR WIFI(WPA) R BELONG 2 PACSEC	Trust: 0.6
db:	VULHUB	id:	VHN-35355	Trust: 0.1

sources: VULHUB: VHN-35355 // BID: 32164 // JVNDB: JVNDB-2008-002386 // CNNVD: CNNVD-200811-401 // NVD: CVE-2008-5230

REFERENCES

url:	http://www.cisco.com/en/us/products/products_security_response09186a0080a30036.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/32164	Trust: 1.7
url:	http://arstechnica.com/articles/paedia/wpa-cracked.ars	Trust: 1.7
url:	http://dl.aircrack-ng.org/breakingwepandwpa.pdf	Trust: 1.7
url:	http://radajo.blogspot.com/2008/11/wpatkip-chopchop-attack.html	Trust: 1.7
url:	http://trac.aircrack-ng.org/svn/trunk/src/tkiptun-ng.c	Trust: 1.7
url:	http://www.aircrack-ng.org/doku.php?id=tkiptun-ng	Trust: 1.7
url:	http://lists.immunitysec.com/pipermail/dailydave/2008-november/005413.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5230	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5230	Trust: 0.8
url:	http://www.computerworld.com/action/article.do?command=viewarticlebasic&articleid=9119258	Trust: 0.3
url:	http://www.wi-fi.org/knowledge_center/wpa	Trust: 0.3

sources: VULHUB: VHN-35355 // BID: 32164 // JVNDB: JVNDB-2008-002386 // CNNVD: CNNVD-200811-401 // NVD: CVE-2008-5230

CREDITS

Erik TewsMartin Beck

Trust: 0.6

sources: CNNVD: CNNVD-200811-401

SOURCES

db:	VULHUB	id:	VHN-35355
db:	BID	id:	32164
db:	JVNDB	id:	JVNDB-2008-002386
db:	CNNVD	id:	CNNVD-200811-401
db:	NVD	id:	CVE-2008-5230

LAST UPDATE DATE

2025-04-10T23:11:23.088000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-35355	date:	2008-12-03T00:00:00
db:	BID	id:	32164	date:	2015-05-07T17:21:00
db:	JVNDB	id:	JVNDB-2008-002386	date:	2009-07-08T00:00:00
db:	CNNVD	id:	CNNVD-200811-401	date:	2008-12-03T00:00:00
db:	NVD	id:	CVE-2008-5230	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-35355	date:	2008-11-25T00:00:00
db:	BID	id:	32164	date:	2008-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2008-002386	date:	2009-07-08T00:00:00
db:	CNNVD	id:	CNNVD-200811-401	date:	2008-11-25T00:00:00
db:	NVD	id:	CVE-2008-5230	date:	2008-11-25T23:30:00.593