Lucene search

K
cvelistCertccCVELIST:CVE-2019-9496
HistoryApr 17, 2019 - 1:31 p.m.

CVE-2019-9496 An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps

2019-04-1713:31:08
CWE-642
certcc
www.cve.org

6.5 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

CNA Affected

[
  {
    "product": "hostapd with SAE support",
    "vendor": "Wi-Fi Alliance",
    "versions": [
      {
        "lessThanOrEqual": "2.7",
        "status": "affected",
        "version": "2.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "wpa_supplicant with SAE support",
    "vendor": "Wi-Fi Alliance",
    "versions": [
      {
        "lessThanOrEqual": "2.7",
        "status": "affected",
        "version": "2.7",
        "versionType": "custom"
      }
    ]
  }
]