4.3

CVE-2015-5310

EPSS 0.3%
Veröffentlicht 06.01.2016 19:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version4.4.4

Google ≫ Android Version5.0

Google ≫ Android Version5.1.1

Google ≫ Android Version6.0

Google ≫ Android Version6.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.531

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.debian.org/security/2015/dsa-3397

http://www.securitytracker.com/id/1034592

http://source.android.com/security/bulletin/2016-01-01.html

Vendor Advisory

http://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt

http://www.openwall.com/lists/oss-security/2015/11/10/9

http://www.securityfocus.com/bid/77541

http://www.ubuntu.com/usn/USN-2808-1

https://nvd.nist.gov/vuln/detail/CVE-2015-5310

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-5310

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-5310

EUVD