7.4
CVE-2019-5108
- EPSS 0.68%
- Published 23.12.2019 19:15:11
- Last modified 21.11.2024 04:44:22
- Source talos-cna@cisco.com
- Teams watchlist Login
- Open Login
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 5.3
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
Netapp ≫ Cloud Backup Version-
Netapp ≫ Data Availability Services Version-
Netapp ≫ E-series Santricity Os Controller Version >= 11.0.0 <= 11.70.1
Netapp ≫ Hci Management Node Version-
Netapp ≫ Steelstore Cloud Integrated Storage Version-
Netapp ≫ A700s Firmware Version-
Netapp ≫ H610s Firmware Version-
Netapp ≫ 8300 Firmware Version-
Netapp ≫ 8700 Firmware Version-
Netapp ≫ A400 Firmware Version-
Oracle ≫ Sd-wan Edge Version8.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.68% | 0.707 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 3.3 | 6.5 | 2.9 |
AV:A/AC:L/Au:N/C:N/I:N/A:P
|
| talos-cna@cisco.com | 7.4 | 2.8 | 4 |
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-440 Expected Behavior Violation
A feature, API, or function does not perform according to its specification.