Lucene search

[email protected]CVE-2011-5053

HistoryJan 06, 2012 - 8:55 p.m.

CVE-2011-5053

2012-01-0620:55:01

CWE-287

[email protected]

web.nvd.nist.gov

cve-2011-5053

wi-fi protected setup

wps

pin authentication

nvd

security vulnerability

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.041 Low

EPSS

Percentile

92.2%

JSON

The Wi-Fi Protected Setup (WPS) protocol, when the “external registrar” authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.

Affected configurations

NVD

Node

wi-fiwifi_protected_setup_protocol

CPENameOperatorVersion
wi-fi:wifi_protected_setup_protocolwi-fi wifi protected setup protocoleq*

CPE	Name	Operator	Version
wi-fi:wifi_protected_setup_protocol	wi-fi wifi protected setup protocol	eq	*

References

code.google.com/p/reaver-wps/

sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/

tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps

www.kb.cert.org/vuls/id/723755

www.us-cert.gov/cas/techalerts/TA12-006A.html

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.041 Low

EPSS

Percentile

92.2%

JSON

Related for CVE-2011-5053

prion1 cert1 cvelist1 nvd1