CVE-2019-12588

Exploit

EPSS 0.18%
Veröffentlicht 04.09.2019 12:15:11
Zuletzt bearbeitet 21.11.2024 04:23:09
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Espressif ≫ Arduino Esp8266 Version <= 2.5.2

Espressif ≫ Esp8266 Nonos Sdk Version >= 2.2.0 <= 3.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.391

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/Matheus-Garbelini/esp32_esp8266_attacks

Third Party Advisory

Exploit

https://github.com/espressif

Product

https://matheus-garbelini.github.io/home/post/esp8266-beacon-frame-crash/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-12588

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12588

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12588

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-12588