CVE-2019-9496

EPSS 2.16%
Veröffentlicht 17.04.2019 14:29:03
Zuletzt bearbeitet 21.11.2024 04:51:43
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

W1.Fi ≫ Hostapd Version <= 2.7

W1.Fi ≫ Wpa Supplicant Version <= 2.7

Fedoraproject ≫ Fedora Version28

Fedoraproject ≫ Fedora Version29

Fedoraproject ≫ Fedora Version30

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.16%	0.836

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-642 External Control of Critical State Data

The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors.

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html

http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/

https://seclists.org/bugtraq/2019/May/40

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc

https://www.synology.com/security/advisory/Synology_SA_19_16

https://w1.fi/security/2019-3/

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-9496

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-9496

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-9496

EUVD