Lucene search

[email protected]CVE-2019-9496

HistoryApr 17, 2019 - 2:29 p.m.

CVE-2019-9496

2019-04-1714:29:00

CWE-287

[email protected]

web.nvd.nist.gov

140

cve-2019-9496

hostapd

sae support

authentication

denial of service

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

CPENameOperatorVersion
w1.fi:hostapdw1.fi hostapdle2.7
w1.fi:wpa_supplicantw1.fi wpa supplicantle2.7
fedoraproject:fedorafedoraproject fedoraeq28
fedoraproject:fedorafedoraproject fedoraeq29
fedoraproject:fedorafedoraproject fedoraeq30

CPE	Name	Operator	Version
w1.fi:hostapd	w1.fi hostapd	le	2.7
w1.fi:wpa_supplicant	w1.fi wpa supplicant	le	2.7
fedoraproject:fedora	fedoraproject fedora	eq	28
fedoraproject:fedora	fedoraproject fedora	eq	29
fedoraproject:fedora	fedoraproject fedora	eq	30