CVE-2024-5290

🗓️ 07 Aug 2024 08:14:08Reported by canonicalType

Issue in Ubuntu wpa_supplicant allows local attacker to escalate privilege

Reporter	Title	Published	Views	Family All 32
AstraLinux	Astra Linux - уязвимость в wpa	3 May 202623:59	–	astralinux
Chainguard	CVE-2024-5290 vulnerabilities	10 Feb 202619:17	–	cgr
Circl	CVE-2024-5290	7 Aug 202411:57	–	circl
CNNVD	wpa_supplicant 安全漏洞	7 Aug 202400:00	–	cnnvd
Cvelist	CVE-2024-5290	7 Aug 202408:14	–	cvelist
Debian	[SECURITY] [DSA 5739-1] wpa security update	6 Aug 202420:04	–	debian
Debian CVE	CVE-2024-5290	7 Aug 202408:14	–	debiancve
Tenable Nessus	Debian dsa-5739 : eapoltest - security update	6 Aug 202400:00	–	nessus
Tenable Nessus	TencentOS Server 4: wpa_supplicant (TSSA-2024:1003)	16 Jun 202500:00	–	nessus
Tenable Nessus	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : wpa_supplicant and hostapd vulnerability (USN-6945-1)	6 Aug 202400:00	–	nessus

NVD

Node

w1.fi wpa_supplicantMatch-

AND

canonical ubuntu_linuxMatch-

[
  {
    "vendor": "Canonical Ltd.",
    "product": "wpa_supplicant",
    "platforms": [
      "Linux"
    ],
    "collectionURL": "https://launchpad.net/ubuntu/+source/",
    "packageName": "wpa",
    "modules": [
      "runtime API to load OpenSC module or PKCS11 engine or module"
    ],
    "programFiles": [
      "src/crypto/tls_openssl.c"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "2:2.10-15",
        "lessThan": "2:2.10-21ubuntu0.1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2:2.9.0-21build1",
        "lessThan": "2:2.10-6ubuntu2.1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2:2.9-1ubuntu2",
        "lessThan": "2:2.9-1ubuntu4.4",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2.4-0ubuntu10",
        "lessThan": "2:2.6-15ubuntu2.8+esm1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2.4-0ubuntu3",
        "lessThan": "2.4-0ubuntu6.8+esm1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2.1-0ubuntu1",
        "lessThan": "2.1-0ubuntu1.7+esm5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
ubuntu	www.ubuntu.com/security/notices/USN-6945-1
bugs	www.bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
snyk	www.snyk.io/blog/abusing-ubuntu-root-privilege-escalation/

17 Sep 2024 13:09Current

7.3High risk

Vulners AI Score7.3

CVSS 3.17.8 - 8.8

EPSS0.00306

SSVC

CWE-427