CVE-2019-9495

🗓️ 17 Apr 2019 13:31:08Reported by certccType

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. Weak passwords may be cracked

Reporter	Title	Published	Views	Family All 87
AlpineLinux	CVE-2019-9495	17 Apr 201913:31	–	alpinelinux
Broadcom	BSA-2019-777	15 Apr 201900:00	–	broadcom
Circl	CVE-2019-9495	17 Jan 202207:22	–	circl
CNVD	WPA encryption problem vulnerability	16 Apr 201900:00	–	cnvd
Cvelist	CVE-2019-9495 The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns	17 Apr 201913:31	–	cvelist
Debian	[SECURITY] [DLA 1867-1] wpa security update	31 Jul 201922:10	–	debian
Debian	[SECURITY] [DSA 4430-1] wpa security update	11 Apr 201906:12	–	debian
Debian CVE	CVE-2019-9495	17 Apr 201913:31	–	debiancve
Tenable Nessus	Debian DLA-1867-1 : wpa security update	12 Aug 201900:00	–	nessus
Tenable Nessus	Debian DSA-4430-1 : wpa - security update	15 Apr 201900:00	–	nessus

NVD

Node

w1.fi hostapdRange≤2.7

w1.fi wpa_supplicantRange≤2.7

Node

fedoraproject fedoraMatch28

fedoraproject fedoraMatch29

fedoraproject fedoraMatch30

Node

opensuse backports_sleMatch15.0-

opensuse backports_sleMatch15.0sp1

opensuse leapMatch15.1

Node

synology radius_serverMatch3.0

synology router_managerRange<1.2.3-8017

debian debian_linuxMatch8.0

Node

freebsd freebsdMatch11.2-

freebsd freebsdMatch11.2p2

freebsd freebsdMatch11.2p3

freebsd freebsdMatch11.2p4

freebsd freebsdMatch11.2p5

freebsd freebsdMatch11.2p6

freebsd freebsdMatch11.2p7

freebsd freebsdMatch11.2p8

freebsd freebsdMatch11.2p9

freebsd freebsdMatch11.2rc3

freebsd freebsdMatch12.0-

freebsd freebsdMatch12.0p1

freebsd freebsdMatch12.0p2

freebsd freebsdMatch12.0p3

[
  {
    "product": "hostapd with EAP-pwd support",
    "vendor": "Wi-Fi Alliance",
    "versions": [
      {
        "lessThanOrEqual": "2.7",
        "status": "affected",
        "version": "2.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "wpa_supplicant with EAP-pwd support",
    "vendor": "Wi-Fi Alliance",
    "versions": [
      {
        "lessThanOrEqual": "2.7",
        "status": "affected",
        "version": "2.7",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2019/07/msg00030.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
synology	www.synology.com/security/advisory/Synology_SA_19_16
lists	www.lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
w1	www.w1.fi/security/2019-2/
seclists	www.seclists.org/bugtraq/2019/May/40
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
security	www.security.freebsd.org/advisories/FreeBSD-SA-19:03.wpa.asc
packetstormsecurity	www.packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/

21 Nov 2024 04:51Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.13.7

CVSS 24.3

EPSS0.06885