This update for hostapd fixes the following issues:
- CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (boo#1184348)
- CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP (boo#1172700)
- CVE-2019-16275: AP mode PMF disconnection protection bypass (boo#1150934)
- added AppArmor profile (source apparmor-usr.sbin.hostapd)
{"suse": [{"lastseen": "2022-04-18T12:40:30", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for hostapd fixes the following issues:\n\n - CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier\n parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (boo#1184348)\n - CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP\n (boo#1172700)\n - CVE-2019-16275: AP mode PMF disconnection protection bypass (boo#1150934)\n\n - added AppArmor profile (source apparmor-usr.sbin.hostapd)\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2021-545=1", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2021-04-12T00:00:00", "type": "suse", "title": "Security update for hostapd (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2019-16275", "CVE-2020-12695", "CVE-2021-30004"], "modified": "2021-04-12T00:00:00", "id": "OPENSUSE-SU-2021:0545-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7GHTARPJSUMITH7M3ESWRIZUIYW5UAM6/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-03T03:59:15", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for hostapd fixes the following issues:\n\n - CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier\n parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (boo#1184348)\n - CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP\n (boo#1172700)\n - CVE-2019-16275: AP mode PMF disconnection protection bypass (boo#1150934)\n\n - added AppArmor profile (source apparmor-usr.sbin.hostapd)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-519=1", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2021-04-09T00:00:00", "type": "suse", "title": "Security update for hostapd (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275", "CVE-2020-12695", "CVE-2021-30004"], "modified": "2021-04-09T00:00:00", "id": "OPENSUSE-SU-2021:0519-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXT3Y5NEGCCPGZ7FTYURPUBTHNNJA6MF/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-08-08T22:05:31", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for wpa_supplicant fixes the following issues:\n\n - CVE-2021-30004: Fixed an issue where forging attacks might have occured\n because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and\n tls/x509v3.c (bsc#1184348).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-563=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-16T00:00:00", "type": "suse", "title": "Security update for wpa_supplicant (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": 
false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30004"], "modified": "2021-04-16T00:00:00", "id": "OPENSUSE-SU-2021:0563-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4XPNZHCXJ32COQGQ62HNGD6DHPO5E552/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-21T22:47:51", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for minidlna fixes the following issues:\n\n minidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n - Use $USER instead of $LOGNAME for the default friendly name.\n - Fixed build with GCC 10\n - Fixed some warnings from newer compilers\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n - Validate SUBSCRIBE callback URL. 
[CVE-2020-12695]\n - Fixed spurious warnings with ogg coverart\n - Fixed an issue with VLC where browse results would be truncated.\n - Fixed bookmarks on Samsung Q series\n - Added DSD file support.\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n - Will now reload the log file on SIGHUP.\n - Worked around bad SearchCriteria from the Control4 Android app.\n - Increased max supported network addresses to 8.\n - Added forced alphasort capability.\n - Added episode season and number metadata support.\n - Enabled subtitles by default for unknown DLNA clients, and add\n enable_subtitles config option.\n - Fixed discovery when connected to certain WiFi routers.\n - Added FreeBSD kqueue support.\n - Added the ability to set the group to run as.\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-2226=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-10T00:00:00", "type": "suse", "title": "Security update for minidlna (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", 
"integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-10T00:00:00", "id": "OPENSUSE-SU-2020:2226-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7S45AUDAZDSITTGVELYZ3FY6T7HMLOED/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-03T03:59:29", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for minidlna fixes the following issues:\n\n minidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n - Use $USER instead of $LOGNAME for the default friendly name.\n - Fixed build with GCC 10\n - Fixed some warnings from newer compilers\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n - Validate SUBSCRIBE callback URL. 
[CVE-2020-12695]\n - Fixed spurious warnings with ogg coverart\n - Fixed an issue with VLC where browse results would be truncated.\n - Fixed bookmarks on Samsung Q series\n - Added DSD file support.\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n - Will now reload the log file on SIGHUP.\n - Worked around bad SearchCriteria from the Control4 Android app.\n - Increased max supported network addresses to 8.\n - Added forced alphasort capability.\n - Added episode season and number metadata support.\n - Enabled subtitles by default for unknown DLNA clients, and add\n enable_subtitles config option.\n - Fixed discovery when connected to certain WiFi routers.\n - Added FreeBSD kqueue support.\n - Added the ability to set the group to run as.\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2020-2204=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-08T00:00:00", "type": "suse", "title": "Security update for minidlna (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", 
"integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-08T00:00:00", "id": "OPENSUSE-SU-2020:2204-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SNZKSW2K4W6JRPVMJ5SOHHDWS6UI5LAZ/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-04-18T12:40:49", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for minidlna fixes the following issues:\n\n minidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n - Use $USER instead of $LOGNAME for the default friendly name.\n - Fixed build with GCC 10\n - Fixed some warnings from newer compilers\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n - Validate SUBSCRIBE callback URL. 
[CVE-2020-12695]\n - Fixed spurious warnings with ogg coverart\n - Fixed an issue with VLC where browse results would be truncated.\n - Fixed bookmarks on Samsung Q series\n - Added DSD file support.\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n - Will now reload the log file on SIGHUP.\n - Worked around bad SearchCriteria from the Control4 Android app.\n - Increased max supported network addresses to 8.\n - Added forced alphasort capability.\n - Added episode season and number metadata support.\n - Enabled subtitles by default for unknown DLNA clients, and add\n enable_subtitles config option.\n - Fixed discovery when connected to certain WiFi routers.\n - Added FreeBSD kqueue support.\n - Added the ability to set the group to run as.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-2194=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-07T00:00:00", "type": "suse", "title": "Security update for minidlna (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-07T00:00:00", "id": "OPENSUSE-SU-2020:2194-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TSSIKL5YFHBGYOJ3SQBDZNPPVD4OU4WF/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-04-21T22:47:51", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for minidlna fixes the following issues:\n\n minidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n - Use $USER instead of $LOGNAME for the default friendly name.\n - Fixed build with GCC 10\n - Fixed some warnings from newer compilers\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n - Fixed spurious warnings with ogg coverart\n - Fixed an issue with VLC where browse results would be truncated.\n - Fixed bookmarks on Samsung Q series\n - Added DSD file support.\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n - Will now reload the log file on SIGHUP.\n - Worked around bad SearchCriteria from the Control4 Android app.\n - Increased max supported network addresses to 8.\n - Added forced alphasort capability.\n - Added episode season and number metadata support.\n - Enabled subtitles by default for unknown DLNA clients, and add\n enable_subtitles config option.\n - Fixed discovery when connected to certain WiFi routers.\n - Added FreeBSD kqueue support.\n - Added the ability to set the group to run as.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 
15.2:\n\n zypper in -t patch openSUSE-2020-2160=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-04T00:00:00", "type": "suse", "title": "Security update for minidlna (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-04T00:00:00", "id": "OPENSUSE-SU-2020:2160-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/A2GHF3UJM6D2JSKELXMJY57IRWK3PJM3/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-04-21T22:47:58", "description": "An update that fixes 22 vulnerabilities is now available.\n\nDescription:\n\n This update for wpa_supplicant fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass\n (bsc#1150934).\n\n Non-security issues fixed:\n\n - Enable SAE support (jsc#SLE-14992).\n - Limit P2P_DEVICE name to appropriate ifname size.\n - Fix wicked wlan (bsc#1156920)\n - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n - With v2.9 
fi.epitest.hostap.WPASupplicant.service is obsolete\n (bsc#1167331)\n - Fix WLAN config on boot with wicked. (bsc#1166933)\n - Update to 2.9 release:\n * SAE changes\n - disable use of groups using Brainpool curves\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n * EAP-pwd changes\n - disable use of groups using Brainpool curves\n - allow the set of groups to be configured (eap_pwd_groups)\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n * fixed FT-EAP initial mobility domain association using PMKSA caching\n (disabled by default for backwards compatibility; can be enabled with\n ft_eap_pmksa_caching=1)\n * fixed a regression in OpenSSL 1.1+ engine loading\n * added validation of RSNE in (Re)Association Response frames\n * fixed DPP bootstrapping URI parser of channel list\n * extended EAP-SIM/AKA fast re-authentication to allow use with FILS\n * extended ca_cert_blob to support PEM format\n * improved robustness of P2P Action frame scheduling\n * added support for EAP-SIM/AKA using anonymous@realm identity\n * fixed Hotspot 2.0 credential selection based on roaming consortium to\n ignore credentials without a specific EAP method\n * added experimental support for EAP-TEAP peer (RFC 7170)\n * added experimental support for EAP-TLS peer with TLS v1.3\n * fixed a regression in WMM parameter configuration for a TDLS peer\n * fixed a regression in operation with drivers that offload 802.1X\n 4-way handshake\n * fixed an ECDH operation corner case with OpenSSL\n * SAE changes\n - added support for SAE Password Identifier\n - changed default configuration to enable only groups 19, 20, 21\n (i.e., disable groups 25 and 26) and disable all unsuitable groups\n completely based on REVmd changes\n - do not regenerate PWE unnecessarily when the AP uses the\n anti-clogging token mechanisms\n - fixed some association cases where both SAE and FT-SAE were enabled\n on both the station and the 
selected AP\n - started to prefer FT-SAE over SAE AKM if both are enabled\n - started to prefer FT-SAE over FT-PSK if both are enabled\n - fixed FT-SAE when SAE PMKSA caching is used\n - reject use of unsuitable groups based on new implementation\n guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC\n groups with prime >= 256)\n - minimize timing and memory use differences in PWE derivation\n [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n * EAP-pwd changes\n - minimize timing and memory use differences in PWE derivation\n [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n - verify server scalar/element [https://w1.fi/security/2019-4/]\n (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872,\n bsc#1131871, bsc#1131644)\n - fix message reassembly issue with unexpected fragment\n [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n - enforce rand,mask generation rules more strictly\n - fix a memory leak in PWE derivation\n - disallow ECC groups with a prime under 256 bits (groups 25, 26, and\n 27)\n - SAE/EAP-pwd side-channel attack update\n [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y\n * Hotspot 2.0 changes\n - do not indicate release number that is higher than the one AP\n supports\n - added support for release number 3\n - enable PMF automatically for network profiles created from\n credentials\n * fixed OWE network profile saving\n * fixed DPP network profile saving\n * added support for RSN operating channel validation (CONFIG_OCV=y and\n network profile parameter ocv=1)\n * added Multi-AP backhaul STA support\n * fixed build with LibreSSL\n * number of MKA/MACsec fixes and extensions\n * extended domain_match and domain_suffix_match to allow list of values\n * fixed dNSName matching in domain_match and domain_suffix_match when\n using wolfSSL\n * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 
AKM if both\n are enabled\n * extended nl80211 Connect and external authentication to support SAE,\n FT-SAE, FT-EAP-SHA384\n * fixed KEK2 derivation for FILS+FT\n * extended client_cert file to allow loading of a chain of PEM encoded\n certificates\n * extended beacon reporting functionality\n * extended D-Bus interface with number of new properties\n * fixed a regression in FT-over-DS with mac80211-based drivers\n * OpenSSL: allow systemwide policies to be overridden\n * extended driver flags indication for separate 802.1X and PSK 4-way\n handshake offload capability\n * added support for random P2P Device/Interface Address use\n * extended PEAP to derive EMSK to enable use with ERP/FILS\n * extended WPS to allow SAE configuration to be added automatically for\n PSK (wps_cred_add_sae=1)\n * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)\n * extended domain_match and domain_suffix_match to allow list of values\n * added a RSN workaround for misbehaving PMF APs that advertise\n IGTK/BIP KeyID using incorrect byte order\n * fixed PTK rekeying with FILS and FT\n * fixed WPA packet number reuse with replayed messages and key\n reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,\n CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant\n [https://w1.fi/security/2018-1/] (CVE-2018-14526)\n * added support for FILS (IEEE 802.11ai) shared key authentication\n * added support for OWE (Opportunistic Wireless Encryption, RFC 8110;\n and transition mode defined by WFA)\n * added support for DPP (Wi-Fi Device Provisioning Protocol)\n * added support for RSA 3k key case with Suite B 192-bit level\n * fixed Suite B PMKSA caching not to update PMKID during each 4-way\n handshake\n * fixed EAP-pwd pre-processing with PasswordHashHash\n * added EAP-pwd client support for salted passwords\n * fixed a regression 
in TDLS prohibited bit validation\n * started to use estimated throughput to avoid undesired signal\n strength based roaming decision\n * MACsec/MKA:\n - new macsec_linux driver interface support for the Linux kernel\n macsec module\n - number of fixes and extensions\n * added support for external persistent storage of PMKSA cache\n (PMKSA_GET/PMKSA_ADD control interface commands; and\n MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n * fixed mesh channel configuration pri/sec switch case\n * added support for beacon report\n * large number of other fixes, cleanup, and extensions\n * added support for randomizing local address for GAS queries\n (gas_rand_mac_addr parameter)\n * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n * added option for using random WPS UUID (auto_uuid=1)\n * added SHA256-hash support for OCSP certificate matching\n * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure\n * fixed a regression in RSN pre-authentication candidate selection\n * added option to configure allowed group management cipher suites\n (group_mgmt network profile parameter)\n * removed all PeerKey functionality\n * fixed nl80211 AP and mesh mode configuration regression with Linux\n 4.15 and newer\n * added ap_isolate configuration option for AP mode\n * added support for nl80211 to offload 4-way handshake into the driver\n * added support for using wolfSSL cryptographic library\n * SAE\n - added support for configuring SAE password separately of the WPA2\n PSK/passphrase\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection\n for SAE; note: this is not backwards compatible, i.e., both the AP and\n station side implementations will need to be update at the same time to\n maintain interoperability\n - added support for Password Identifier\n - fixed FT-SAE PMKID matching\n * Hotspot 2.0\n - added support for fetching of Operator Icon Metadata ANQP-element\n - added support for Roaming Consortium Selection element\n - added support for 
Terms and Conditions\n - added support for OSEN connection in a shared RSN BSS\n - added support for fetching Venue URL information\n * added support for using OpenSSL 1.1.1\n * FT\n - disabled PMKSA caching with FT since it is not fully functional\n - added support for SHA384 based AKM\n - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,\n BIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n - fixed additional IE inclusion in Reassociation Request frame when\n using FT protocol\n\n - Changed service-files for start after network (systemd-networkd).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-2053=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-26T00:00:00", "type": "suse", "title": "Security update for wpa_supplicant (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4141", "CVE-2015-4142", "CVE-2015-4143", "CVE-2015-8041", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526", "CVE-2019-11555", "CVE-2019-13377", "CVE-2019-16275", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2020-11-26T00:00:00", "id": "OPENSUSE-SU-2020:2053-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2R3VXKTYLLUYFBZQ2NNAI5NSZOBXISJZ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:55", "description": "An update that fixes 22 vulnerabilities is now available.\n\nDescription:\n\n This update for wpa_supplicant fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass\n (bsc#1150934).\n\n Non-security issues fixed:\n\n - Enable SAE support (jsc#SLE-14992).\n - Limit P2P_DEVICE name to appropriate ifname size.\n - Fix wicked wlan (bsc#1156920)\n - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n - With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete\n (bsc#1167331)\n - Fix WLAN config on boot with wicked. 
(bsc#1166933)\n - Update to 2.9 release:\n * SAE changes\n - disable use of groups using Brainpool curves\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n * EAP-pwd changes\n - disable use of groups using Brainpool curves\n - allow the set of groups to be configured (eap_pwd_groups)\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n * fixed FT-EAP initial mobility domain association using PMKSA caching\n (disabled by default for backwards compatibility; can be enabled with\n ft_eap_pmksa_caching=1)\n * fixed a regression in OpenSSL 1.1+ engine loading\n * added validation of RSNE in (Re)Association Response frames\n * fixed DPP bootstrapping URI parser of channel list\n * extended EAP-SIM/AKA fast re-authentication to allow use with FILS\n * extended ca_cert_blob to support PEM format\n * improved robustness of P2P Action frame scheduling\n * added support for EAP-SIM/AKA using anonymous@realm identity\n * fixed Hotspot 2.0 credential selection based on roaming consortium to\n ignore credentials without a specific EAP method\n * added experimental support for EAP-TEAP peer (RFC 7170)\n * added experimental support for EAP-TLS peer with TLS v1.3\n * fixed a regression in WMM parameter configuration for a TDLS peer\n * fixed a regression in operation with drivers that offload 802.1X\n 4-way handshake\n * fixed an ECDH operation corner case with OpenSSL\n * SAE changes\n - added support for SAE Password Identifier\n - changed default configuration to enable only groups 19, 20, 21\n (i.e., disable groups 25 and 26) and disable all unsuitable groups\n completely based on REVmd changes\n - do not regenerate PWE unnecessarily when the AP uses the\n anti-clogging token mechanisms\n - fixed some association cases where both SAE and FT-SAE were enabled\n on both the station and the selected AP\n - started to prefer FT-SAE over SAE AKM if both are enabled\n - started to prefer FT-SAE over FT-PSK 
if both are enabled\n - fixed FT-SAE when SAE PMKSA caching is used\n - reject use of unsuitable groups based on new implementation\n guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC\n groups with prime >= 256)\n - minimize timing and memory use differences in PWE derivation\n [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n * EAP-pwd changes\n - minimize timing and memory use differences in PWE derivation\n [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n - verify server scalar/element [https://w1.fi/security/2019-4/]\n (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872,\n bsc#1131871, bsc#1131644)\n - fix message reassembly issue with unexpected fragment\n [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n - enforce rand,mask generation rules more strictly\n - fix a memory leak in PWE derivation\n - disallow ECC groups with a prime under 256 bits (groups 25, 26, and\n 27)\n - SAE/EAP-pwd side-channel attack update\n [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y\n * Hotspot 2.0 changes\n - do not indicate release number that is higher than the one AP\n supports\n - added support for release number 3\n - enable PMF automatically for network profiles created from\n credentials\n * fixed OWE network profile saving\n * fixed DPP network profile saving\n * added support for RSN operating channel validation (CONFIG_OCV=y and\n network profile parameter ocv=1)\n * added Multi-AP backhaul STA support\n * fixed build with LibreSSL\n * number of MKA/MACsec fixes and extensions\n * extended domain_match and domain_suffix_match to allow list of values\n * fixed dNSName matching in domain_match and domain_suffix_match when\n using wolfSSL\n * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both\n are enabled\n * extended nl80211 Connect and external authentication to support SAE,\n FT-SAE, 
FT-EAP-SHA384\n * fixed KEK2 derivation for FILS+FT\n * extended client_cert file to allow loading of a chain of PEM encoded\n certificates\n * extended beacon reporting functionality\n * extended D-Bus interface with number of new properties\n * fixed a regression in FT-over-DS with mac80211-based drivers\n * OpenSSL: allow systemwide policies to be overridden\n * extended driver flags indication for separate 802.1X and PSK 4-way\n handshake offload capability\n * added support for random P2P Device/Interface Address use\n * extended PEAP to derive EMSK to enable use with ERP/FILS\n * extended WPS to allow SAE configuration to be added automatically for\n PSK (wps_cred_add_sae=1)\n * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)\n * extended domain_match and domain_suffix_match to allow list of values\n * added a RSN workaround for misbehaving PMF APs that advertise\n IGTK/BIP KeyID using incorrect byte order\n * fixed PTK rekeying with FILS and FT\n * fixed WPA packet number reuse with replayed messages and key\n reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077,\n CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,\n CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant\n [https://w1.fi/security/2018-1/] (CVE-2018-14526)\n * added support for FILS (IEEE 802.11ai) shared key authentication\n * added support for OWE (Opportunistic Wireless Encryption, RFC 8110;\n and transition mode defined by WFA)\n * added support for DPP (Wi-Fi Device Provisioning Protocol)\n * added support for RSA 3k key case with Suite B 192-bit level\n * fixed Suite B PMKSA caching not to update PMKID during each 4-way\n handshake\n * fixed EAP-pwd pre-processing with PasswordHashHash\n * added EAP-pwd client support for salted passwords\n * fixed a regression in TDLS prohibited bit validation\n * started to use estimated throughput to avoid undesired signal\n strength 
based roaming decision\n * MACsec/MKA:\n - new macsec_linux driver interface support for the Linux kernel\n macsec module\n - number of fixes and extensions\n * added support for external persistent storage of PMKSA cache\n (PMKSA_GET/PMKSA_ADD control interface commands; and\n MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n * fixed mesh channel configuration pri/sec switch case\n * added support for beacon report\n * large number of other fixes, cleanup, and extensions\n * added support for randomizing local address for GAS queries\n (gas_rand_mac_addr parameter)\n * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n * added option for using random WPS UUID (auto_uuid=1)\n * added SHA256-hash support for OCSP certificate matching\n * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure\n * fixed a regression in RSN pre-authentication candidate selection\n * added option to configure allowed group management cipher suites\n (group_mgmt network profile parameter)\n * removed all PeerKey functionality\n * fixed nl80211 AP and mesh mode configuration regression with Linux\n 4.15 and newer\n * added ap_isolate configuration option for AP mode\n * added support for nl80211 to offload 4-way handshake into the driver\n * added support for using wolfSSL cryptographic library\n * SAE\n - added support for configuring SAE password separately of the WPA2\n PSK/passphrase\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection\n for SAE; note: this is not backwards compatible, i.e., both the AP and\n station side implementations will need to be update at the same time to\n maintain interoperability\n - added support for Password Identifier\n - fixed FT-SAE PMKID matching\n * Hotspot 2.0\n - added support for fetching of Operator Icon Metadata ANQP-element\n - added support for Roaming Consortium Selection element\n - added support for Terms and Conditions\n - added support for OSEN connection in a shared RSN BSS\n - added support for fetching 
Venue URL information\n * added support for using OpenSSL 1.1.1\n * FT\n - disabled PMKSA caching with FT since it is not fully functional\n - added support for SHA384 based AKM\n - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,\n BIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n - fixed additional IE inclusion in Reassociation Request frame when\n using FT protocol\n\n - Changed service-files for start after network (systemd-networkd).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-2059=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-27T00:00:00", "type": "suse", "title": "Security update for wpa_supplicant (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4141", "CVE-2015-4142", "CVE-2015-4143", "CVE-2015-8041", 
"CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526", "CVE-2019-11555", "CVE-2019-13377", "CVE-2019-16275", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2020-11-27T00:00:00", "id": "OPENSUSE-SU-2020:2059-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5HDY6AZL2NYOKU57GM74M5JHC5SYA3IY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2021-12-29T04:50:19", "description": "New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/wpa_supplicant-2.9-i586-1_slack14.2.txz: Upgraded.\n This update fixes the following security issues:\n AP mode PMF disconnection protection bypass.\n UPnP SUBSCRIBE misbehavior in hostapd WPS AP.\n P2P group information processing vulnerability.\n P2P provision discovery processing vulnerability.\n ASN.1: Validate DigestAlgorithmIdentifier parameters.\n Flush pending control interface message for an interface to be removed.\n These issues could result in a denial-of-service, privilege escalation,\n arbitrary code execution, or other unexpected behavior.\n Thanks to nobodino for pointing out the patches.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0535\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30004\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source 
Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.9-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.9-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.9-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.9-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.9-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.9-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.9-i586-8.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.9-x86_64-8.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg wpa_supplicant-2.9-i586-1_slack14.2.txz",
"cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-12-29T03:28:00", "type": "slackware", "title": "[slackware-security] wpa_supplicant", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275", "CVE-2020-12695", "CVE-2021-0326", "CVE-2021-0535", "CVE-2021-27803", "CVE-2021-30004"], "modified": "2021-12-29T03:28:00", "id": "SSA-2021-362-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.501086", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-08-10T16:35:19", "description": "The version of wpa_supplicant installed on the remote host is prior to 2.9. 
It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2021-362-01 advisory.\n\n - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. (CVE-2019-16275)\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check.\n This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 (CVE-2021-0326)\n\n - In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168314741 (CVE-2021-0535)\n\n - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. (CVE-2021-27803)\n\n - In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. 
(CVE-2021-30004)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-12-29T00:00:00", "type": "nessus", "title": "Slackware Linux 14.0 / 14.1 / 14.2 / current wpa_supplicant Multiple Vulnerabilities (SSA:2021-362-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275", "CVE-2020-12695", "CVE-2021-0326", "CVE-2021-0535", "CVE-2021-27803", "CVE-2021-30004"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:wpa_supplicant", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2021-362-01.NASL", "href": "https://www.tenable.com/plugins/nessus/156338", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Slackware Security Advisory SSA:2021-362-01. The text\n# itself is copyright (C) Slackware Linux, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156338);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\n \"CVE-2019-16275\",\n \"CVE-2020-12695\",\n \"CVE-2021-0326\",\n \"CVE-2021-0535\",\n \"CVE-2021-27803\",\n \"CVE-2021-30004\"\n );\n\n script_name(english:\"Slackware Linux 14.0 / 14.1 / 14.2 / current wpa_supplicant Multiple Vulnerabilities (SSA:2021-362-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware Linux host is missing a security update to wpa_supplicant.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of wpa_supplicant installed on the remote host is prior to 2.9. 
It is, therefore, affected by multiple\nvulnerabilities as referenced in the SSA:2021-362-01 advisory.\n\n - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in\n certain situations because source address validation is mishandled. This is a denial of service that\n should have been prevented by PMF (aka management frame protection). The attacker must send a crafted\n 802.11 frame from a location that is within the 802.11 communications range. (CVE-2019-16275)\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check.\n This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no\n additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 (CVE-2021-0326)\n\n - In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use\n after free. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168314741\n (CVE-2021-0535)\n\n - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi\n Direct) provision discovery requests. It could result in denial of service or other impact (potentially\n execution of arbitrary code), for an attacker within radio range. 
(CVE-2021-27803)\n\n - In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are\n mishandled in tls/pkcs1.c and tls/x509v3.c. (CVE-2021-30004)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-0326\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\nvar flag = 0;\nvar constraints = [\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.0', 'service_pack' : '1_slack14.0', 'arch' : 'i486' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.0', 'service_pack' : '1_slack14.0', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.1', 'service_pack' : '1_slack14.1', 'arch' : 'i486' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.1', 'service_pack' : '1_slack14.1', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.2', 'service_pack' : '1_slack14.2', 'arch' : 'i586' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : '14.2', 'service_pack' : '1_slack14.2', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '8', 'arch' : 'i586' },\n { 'fixed_version' : '2.9', 'product' : 'wpa_supplicant', 
'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '8', 'arch' : 'x86_64' }\n];\n\nforeach constraint (constraints) {\n var pkg_arch = constraint['arch'];\n var arch = NULL;\n if (pkg_arch == \"x86_64\") {\n arch = pkg_arch;\n }\n if (slackware_check(osver:constraint['os_version'],\n arch:arch,\n pkgname:constraint['product'],\n pkgver:constraint['fixed_version'],\n pkgarch:pkg_arch,\n pkgnum:constraint['service_pack'])) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : slackware_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:02:28", "description": "An update of the wpa_supplicant package has been released.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2021-04-29T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Wpa_Supplicant PHSA-2021-4.0-0014", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30004"], "modified": "2021-04-29T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:wpa_supplicant", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0014_WPA_SUPPLICANT.NASL", "href": "https://www.tenable.com/plugins/nessus/149050", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0014. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149050);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/29\");\n\n script_cve_id(\"CVE-2021-30004\");\n\n script_name(english:\"Photon OS 4.0: Wpa_Supplicant PHSA-2021-4.0-0014\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the wpa_supplicant package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-14.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30004\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'wpa_supplicant-2.9-4.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'wpa_supplicant');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-12T14:49:50", "description": "This update for wpa_supplicant fixes the following issues :\n\nCVE-2021-30004: Fixed an issue where forging attacks might have occured because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2021:1166-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30004"], "modified": "2021-04-16T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:wpa_supplicant:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:wpa_supplicant-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:wpa_supplicant-debugsource:*:*:*:*:*:*:*"], "id": "SUSE_SU-2021-1166-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148501", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1166-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148501);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/16\");\n\n script_cve_id(\"CVE-2021-30004\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2021:1166-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\nCVE-2021-30004: Fixed an issue where forging attacks might have\noccured because AlgorithmIdentifier parameters are mishandled in\ntls/pkcs1.c and tls/x509v3.c (bsc#1184348).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security 
advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-30004/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211166-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ebc69a9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE MicroOS 5.0 :\n\nzypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1166=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1166=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"wpa_supplicant-2.9-4.29.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"wpa_supplicant-debuginfo-2.9-4.29.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"wpa_supplicant-debugsource-2.9-4.29.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"wpa_supplicant-2.9-4.29.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"wpa_supplicant-debuginfo-2.9-4.29.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"wpa_supplicant-debugsource-2.9-4.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-12T14:51:23", "description": "This update for wpa_supplicant fixes the following issues :\n\n - CVE-2021-30004: Fixed an issue where forging attacks might have occured because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2021-04-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : wpa_supplicant (openSUSE-2021-563)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30004"], "modified": "2021-04-21T00:00:00", "cpe": ["cpe:2.3:o:novell:opensuse:15.2:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:wpa_supplicant:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:wpa_supplicant-debuginfo:*:*:*:*:*:*:*", 
"p-cpe:2.3:a:novell:opensuse:wpa_supplicant-debugsource:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:wpa_supplicant-gui:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:wpa_supplicant-gui-debuginfo:*:*:*:*:*:*:*"], "id": "OPENSUSE-2021-563.NASL", "href": "https://www.tenable.com/plugins/nessus/148759", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-563.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148759);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2021-30004\");\n\n script_name(english:\"openSUSE Security Update : wpa_supplicant (openSUSE-2021-563)\");\n script_summary(english:\"Check for the openSUSE-2021-563 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\n - CVE-2021-30004: Fixed an issue where forging attacks\n might have occured because AlgorithmIdentifier\n parameters are mishandled in tls/pkcs1.c and\n tls/x509v3.c (bsc#1184348).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184348\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected wpa_supplicant packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-2.9-lp152.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-debuginfo-2.9-lp152.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-debugsource-2.9-lp152.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-gui-2.9-lp152.8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-gui-debuginfo-2.9-lp152.8.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant / wpa_supplicant-debuginfo / etc\");\n}\n", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-12T14:50:38", "description": "This update for wpa_supplicant fixes the following issues :\n\nCVE-2021-30004: 
Fixed an issue where forging attacks might have occured because AlgorithmIdentifier parameters were mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2021-04-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2021:1125-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30004"], "modified": "2021-04-14T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:wpa_supplicant:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:wpa_supplicant-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:wpa_supplicant-debugsource:*:*:*:*:*:*:*"], "id": "SUSE_SU-2021-1125-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1125-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148434);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/14\");\n\n script_cve_id(\"CVE-2021-30004\");\n\n script_name(english:\"SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2021:1125-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\nCVE-2021-30004: Fixed an issue 
where forging attacks might have\noccured because AlgorithmIdentifier parameters were mishandled in\ntls/pkcs1.c and tls/x509v3.c (bsc#1184348)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-30004/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211125-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d641f333\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1125=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"wpa_supplicant-2.9-23.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"wpa_supplicant-debuginfo-2.9-23.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"wpa_supplicant-debugsource-2.9-23.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:18:17", "description": "According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.(CVE-2019-16275)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : wpa_supplicant (EulerOS-SA-2019-2306)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2306.NASL", "href": "https://www.tenable.com/plugins/nessus/131372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131372);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-16275\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : wpa_supplicant (EulerOS-SA-2019-2306)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - hostapd before 2.10 and wpa_supplicant before 2.10\n allow an incorrect indication of disconnection in\n certain situations because source address validation is\n mishandled. This is a denial of service that should\n have been prevented by PMF (aka management frame\n protection). The attacker must send a crafted 802.11\n frame from a location that is within the 802.11\n communications range.(CVE-2019-16275)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2306\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4f89f248\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-17.h3.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:19:41", "description": "hostapd (and wpa_supplicant when controlling AP mode) did not perform sufficient source address validation for some received 
Management frames and this could result in ending up sending a frame that caused associated stations to incorrectly believe they were disconnected from the network even if management frame protection (also known as PMF) was negotiated for the association. This could be considered to be a denial of service vulnerability since PMF is supposed to protect from this type of issues.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 2.3-1+deb8u9.\n\nWe recommend that you upgrade your wpa packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-17T00:00:00", "type": "nessus", "title": "Debian DLA-1922-1 : wpa security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:hostapd", "p-cpe:/a:debian:debian_linux:wpagui", "p-cpe:/a:debian:debian_linux:wpasupplicant", "p-cpe:/a:debian:debian_linux:wpasupplicant-udeb", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1922.NASL", "href": "https://www.tenable.com/plugins/nessus/128880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1922-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128880);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-16275\");\n\n script_name(english:\"Debian DLA-1922-1 : wpa security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"hostapd (and wpa_supplicant when controlling AP mode) did not perform\nsufficient source address validation for some received Management\nframes and this could result in ending up sending a frame that caused\nassociated stations to incorrectly believe they were disconnected from\nthe network even if management frame protection (also known as PMF)\nwas negotiated for the association. This could be considered to be a\ndenial of service vulnerability since PMF is supposed to protect from\nthis type of issues.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n2.3-1+deb8u9.\n\nWe recommend that you upgrade your wpa packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/wpa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpagui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpasupplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpasupplicant-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"hostapd\", reference:\"2.3-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wpagui\", reference:\"2.3-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wpasupplicant\", reference:\"2.3-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wpasupplicant-udeb\", reference:\"2.3-1+deb8u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T12:37:26", "description": "Security fix CVE-2019-16275 (AP mode PMF disconnection protection bypass)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "Fedora 30 : hostapd (2019-2265b5ae86)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2019-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:hostapd", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-2265B5AE86.NASL", "href": 
"https://www.tenable.com/plugins/nessus/130781", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-2265b5ae86.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130781);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n script_cve_id(\"CVE-2019-16275\");\n script_xref(name:\"FEDORA\", value:\"2019-2265b5ae86\");\n\n script_name(english:\"Fedora 30 : hostapd (2019-2265b5ae86)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix CVE-2019-16275 (AP mode PMF disconnection protection\nbypass)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-2265b5ae86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hostapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hostapd\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"hostapd-2.9-2.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T12:38:32", "description": "Security fix for CVE-2019-16275\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-15T00:00:00", "type": "nessus", "title": "Fedora 29 : 1:wpa_supplicant (2019-65509aac53)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2019-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-65509AAC53.NASL", "href": "https://www.tenable.com/plugins/nessus/131039", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-65509aac53.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131039);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n 
script_cve_id(\"CVE-2019-16275\");\n script_xref(name:\"FEDORA\", value:\"2019-65509aac53\");\n\n script_name(english:\"Fedora 29 : 1:wpa_supplicant (2019-65509aac53)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-16275\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-65509aac53\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"wpa_supplicant-2.7-2.fc29\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T12:37:45", "description": "Security fix CVE-2019-16275 (AP mode PMF disconnection protection bypass)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much 
as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "Fedora 31 : hostapd (2019-740834c559)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2019-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:hostapd", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-740834C559.NASL", "href": "https://www.tenable.com/plugins/nessus/130788", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-740834c559.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130788);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n script_cve_id(\"CVE-2019-16275\");\n script_xref(name:\"FEDORA\", value:\"2019-740834c559\");\n\n script_name(english:\"Fedora 31 : hostapd (2019-740834c559)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix CVE-2019-16275 (AP mode PMF disconnection protection\nbypass)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-740834c559\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hostapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"hostapd-2.9-2.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T00:22:46", "description": "Security fix for CVE-2019-16275\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-18T00:00:00", "type": "nessus", "title": "Fedora 30 : 1:wpa_supplicant (2019-2bdcccee3c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-2BDCCCEE3C.NASL", "href": "https://www.tenable.com/plugins/nessus/131090", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-2bdcccee3c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131090);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n 
script_cve_id(\"CVE-2019-16275\");\n script_xref(name:\"FEDORA\", value:\"2019-2bdcccee3c\");\n\n script_name(english:\"Fedora 30 : 1:wpa_supplicant (2019-2bdcccee3c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-16275\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-2bdcccee3c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"wpa_supplicant-2.8-3.fc30\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T00:22:23", "description": "Security fix for CVE-2019-16275\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing 
additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-07T00:00:00", "type": "nessus", "title": "Fedora 31 : 1:wpa_supplicant (2019-0e0b28001d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-0E0B28001D.NASL", "href": "https://www.tenable.com/plugins/nessus/130613", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-0e0b28001d.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130613);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2019-16275\");\n script_xref(name:\"FEDORA\", value:\"2019-0e0b28001d\");\n\n script_name(english:\"Fedora 31 : 1:wpa_supplicant (2019-0e0b28001d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-16275\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-0e0b28001d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:wpa_supplicant package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"wpa_supplicant-2.9-2.fc31\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:wpa_supplicant\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:20:02", "description": "It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-19T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : wpa_supplicant and hostapd vulnerability (USN-4136-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:hostapd", "p-cpe:/a:canonical:ubuntu_linux:wpasupplicant", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4136-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129050", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4136-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129050);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-16275\");\n script_xref(name:\"USN\", value:\"4136-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : wpa_supplicant and hostapd vulnerability (USN-4136-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that wpa_supplicant incorrectly handled certain\nmanagement frames. 
An attacker could possibly use this issue to cause\na denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4136-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected hostapd and / or wpasupplicant packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:wpasupplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. 
/ NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"hostapd\", pkgver:\"1:2.4-0ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"wpasupplicant\", pkgver:\"2.4-0ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"hostapd\", pkgver:\"2:2.6-15ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"wpasupplicant\", pkgver:\"2:2.6-15ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"hostapd\", pkgver:\"2:2.6-21ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"wpasupplicant\", pkgver:\"2:2.6-21ubuntu3.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd / wpasupplicant\");\n}\n", "cvss": {"score": 3.3, "vector": 
"AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:12:56", "description": "According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.(CVE-2019-16275)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-09-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2020-2144)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2144.NASL", "href": "https://www.tenable.com/plugins/nessus/140911", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140911);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-16275\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2020-2144)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security 
update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - hostapd before 2.10 and wpa_supplicant before 2.10\n allow an incorrect indication of disconnection in\n certain situations because source address validation is\n mishandled. This is a denial of service that should\n have been prevented by PMF (aka management frame\n protection). The attacker must send a crafted 802.11\n frame from a location that is within the 802.11\n communications range.(CVE-2019-16275)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2144\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?afbe49bd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.1.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-15T14:49:19", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has gssdp packages installed that are affected by a vulnerability:\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : gssdp Vulnerability (NS-SA-2022-0065)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:gssdp", "p-cpe:/a:zte:cgsl_main:gssdp-debuginfo", "p-cpe:/a:zte:cgsl_main:gssdp-debugsource", "p-cpe:/a:zte:cgsl_main:gssdp-devel", "p-cpe:/a:zte:cgsl_main:gssdp-docs", "p-cpe:/a:zte:cgsl_main:gssdp-utils", "p-cpe:/a:zte:cgsl_main:gssdp-utils-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0065_GSSDP.NASL", "href": "https://www.tenable.com/plugins/nessus/160741", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0065.
The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160741);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-12695\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : gssdp Vulnerability (NS-SA-2022-0065)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has gssdp packages installed that are affected by a\nvulnerability:\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0065\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12695\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL gssdp packages. Note that updated packages may not be available yet. 
Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gssdp-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'gssdp-1.0.5-1.el8',\n 'gssdp-debuginfo-1.0.5-1.el8',\n 'gssdp-debugsource-1.0.5-1.el8',\n 'gssdp-devel-1.0.5-1.el8',\n 'gssdp-docs-1.0.5-1.el8',\n 'gssdp-utils-1.0.5-1.el8',\n 'gssdp-utils-debuginfo-1.0.5-1.el8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gssdp');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:52:15", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1789 advisory.\n\n - hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the 
application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : gssdp and gupnp (RHSA-2021:1789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:gssdp", "p-cpe:/a:redhat:enterprise_linux:gssdp-devel", "p-cpe:/a:redhat:enterprise_linux:gssdp-docs", "p-cpe:/a:redhat:enterprise_linux:gupnp", "p-cpe:/a:redhat:enterprise_linux:gupnp-devel"], "id": "REDHAT-RHSA-2021-1789.NASL", "href": "https://www.tenable.com/plugins/nessus/149658", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1789. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149658);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"RHSA\", value:\"2021:1789\");\n\n script_name(english:\"RHEL 8 : gssdp and gupnp (RHSA-2021:1789)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:1789 advisory.\n\n - hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/918.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1846006\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 400, 918);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gssdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gssdp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gupnp-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 
'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 
'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 
'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 
'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 
'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 
'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 
'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 
'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 
'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 
'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 
'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 
'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gssdp-docs-1.0.5-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 
'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 
'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 
'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n 
{'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu 
= NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gssdp / gssdp-devel / gssdp-docs / gupnp / gupnp-devel');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:46:37", 
"description": "According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2021-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2021-1372)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-02-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1372.NASL", "href": "https://www.tenable.com/plugins/nessus/146724", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146724);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2020-12695\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2021-1372)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS installation on the remote host is affected by 
the following\nvulnerability :\n\n - The Open Connectivity Foundation UPnP specification\n before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different\n network segment than the fully qualified\n event-subscription URL, aka the CallStranger\n issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1372\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb2a9dd9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.1.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:52:52", "description": "The remote CentOS Linux 8 host has packages installed that are affected by 
a vulnerability as referenced in the CESA-2021:1789 advisory.\n\n - hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "CentOS 8 : gssdp and gupnp (CESA-2021:1789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-06-02T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:gssdp", "p-cpe:/a:centos:centos:gssdp-devel", "p-cpe:/a:centos:centos:gssdp-docs", "p-cpe:/a:centos:centos:gupnp", "p-cpe:/a:centos:centos:gupnp-devel"], "id": "CENTOS8_RHSA-2021-1789.NASL", "href": "https://www.tenable.com/plugins/nessus/149763", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:1789. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149763);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/02\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"RHSA\", value:\"2021:1789\");\n\n script_name(english:\"CentOS 8 : gssdp and gupnp (CESA-2021:1789)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2021:1789 advisory.\n\n - hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1789\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gssdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gssdp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gupnp-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-docs-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-docs-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + 
package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gssdp / gssdp-devel / gssdp-docs / gupnp / gupnp-devel');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:52:32", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1789 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. 
(CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : gssdp / and / gupnp (ELSA-2021-1789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-05-27T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:gssdp", "p-cpe:/a:oracle:linux:gssdp-devel", "p-cpe:/a:oracle:linux:gssdp-docs", "p-cpe:/a:oracle:linux:gupnp", "p-cpe:/a:oracle:linux:gupnp-devel"], "id": "ORACLELINUX_ELSA-2021-1789.NASL", "href": "https://www.tenable.com/plugins/nessus/149916", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-1789.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149916);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/27\");\n\n script_cve_id(\"CVE-2020-12695\");\n\n script_name(english:\"Oracle Linux 8 : gssdp / and / gupnp (ELSA-2021-1789)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-1789 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. 
(CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-1789.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gssdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gssdp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gupnp-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-docs-1.0.5-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-1.0.6-1.el8', 
'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n 
}\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gssdp / gssdp-devel / gssdp-docs / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-18T00:00:55", "description": "Yunus Çadırcı found an issue in the SUBSCRIBE method of UPnP, a network protocol for devices to automatically discover and communicate with each other. Insufficient checks on this method allowed attackers to use vulnerable UPnP services for DoS attacks or possibly to bypass firewalls.\n\nFor Debian 9 stretch, this problem has been fixed in version 1.0.1-1+deb9u1.\n\nWe recommend that you upgrade your gupnp packages.\n\nFor the detailed security status of gupnp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gupnp\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-08-07T00:00:00", "type": "nessus", "title": "Debian DLA-2315-1 : gupnp security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-gupnp-1.0", "p-cpe:/a:debian:debian_linux:libgupnp-1.0-4", "p-cpe:/a:debian:debian_linux:libgupnp-1.0-dev", "p-cpe:/a:debian:debian_linux:libgupnp-doc", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2315.NASL", "href": "https://www.tenable.com/plugins/nessus/139388", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2315-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139388);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-12695\");\n\n script_name(english:\"Debian DLA-2315-1 : gupnp security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Yunus Çadırcı found an issue in the SUBSCRIBE\nmethod of UPnP, a network protocol for devices to automatically\ndiscover and communicate with each other. 
Insufficient checks on this\nmethod allowed attackers to use vulnerable UPnP services for DoS\nattacks or possibly to bypass firewalls.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.0.1-1+deb9u1.\n\nWe recommend that you upgrade your gupnp packages.\n\nFor the detailed security status of gupnp please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/gupnp\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/gupnp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/gupnp\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-gupnp-1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgupnp-1.0-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgupnp-1.0-dev\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:libgupnp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"gir1.2-gupnp-1.0\", reference:\"1.0.1-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgupnp-1.0-4\", reference:\"1.0.1-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgupnp-1.0-dev\", reference:\"1.0.1-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgupnp-doc\", reference:\"1.0.1-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-17T23:57:31", "description": "Security update for CVE-2020-12695 (CallStranger)\n\nNote that Tenable Network Security has extracted 
the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "Fedora 31 : gssdp / gupnp (2020-e538e3e526)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gssdp", "p-cpe:/a:fedoraproject:fedora:gupnp", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-E538E3E526.NASL", "href": "https://www.tenable.com/plugins/nessus/138243", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-e538e3e526.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138243);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"FEDORA\", value:\"2020-e538e3e526\");\n\n script_name(english:\"Fedora 31 : gssdp / gupnp (2020-e538e3e526)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security update for CVE-2020-12695 (CallStranger)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-e538e3e526\"\n );\n 
script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected gssdp and / or gupnp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"gssdp-1.0.4-1.fc31\")) flag++;\nif (rpm_check(release:\"FC31\", reference:\"gupnp-1.0.5-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gssdp / gupnp\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-17T23:55:42", "description": "Security update for CVE-2020-12695 (CallStranger)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": 
{"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-07-06T00:00:00", "type": "nessus", "title": "Fedora 32 : gssdp / gupnp (2020-1f7fc0d0c9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gssdp", "p-cpe:/a:fedoraproject:fedora:gupnp", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-1F7FC0D0C9.NASL", "href": "https://www.tenable.com/plugins/nessus/138109", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-1f7fc0d0c9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138109);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"FEDORA\", value:\"2020-1f7fc0d0c9\");\n\n script_name(english:\"Fedora 32 : gssdp / gupnp (2020-1f7fc0d0c9)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security update for CVE-2020-12695 (CallStranger)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-1f7fc0d0c9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected gssdp and / or gupnp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"gssdp-1.0.4-1.fc32\")) flag++;\nif (rpm_check(release:\"FC32\", reference:\"gupnp-1.0.5-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gssdp / gupnp\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-17T23:58:25", "description": "Fix CVE-2020-12695 (UPnP SUBSCRIBE misbehavior in hostapd WPS AP)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-07-06T00:00:00", "type": "nessus", "title": "Fedora 32 : hostapd (2020-df3e1cfde9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:hostapd", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-DF3E1CFDE9.NASL", "href": "https://www.tenable.com/plugins/nessus/138120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-df3e1cfde9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n 
script_id(138120);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"FEDORA\", value:\"2020-df3e1cfde9\");\n\n script_name(english:\"Fedora 32 : hostapd (2020-df3e1cfde9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Fix CVE-2020-12695 (UPnP SUBSCRIBE misbehavior in hostapd WPS AP)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-df3e1cfde9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected hostapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/03\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"hostapd-2.9-4.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-18T00:03:30", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4494-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. 
(CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-09-15T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : GUPnP vulnerability (USN-4494-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-11-24T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-gupnp-1.2", "p-cpe:/a:canonical:ubuntu_linux:libgupnp-1.2-0", "p-cpe:/a:canonical:ubuntu_linux:libgupnp-1.2-dev"], "id": "UBUNTU_USN-4494-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140590", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4494-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140590);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"USN\", value:\"4494-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : GUPnP vulnerability (USN-4494-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the\nUSN-4494-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. 
(CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4494-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gir1.2-gupnp-1.2, libgupnp-1.2-0 and / or libgupnp-1.2-dev packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-gupnp-1.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgupnp-1.2-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgupnp-1.2-dev\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '20.04', 'pkgname': 'gir1.2-gupnp-1.2', 'pkgver': '1.2.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libgupnp-1.2-0', 'pkgver': '1.2.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libgupnp-1.2-dev', 'pkgver': '1.2.3-0ubuntu0.20.04.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-gupnp-1.2 / libgupnp-1.2-0 / libgupnp-1.2-dev');\n}\n", "cvss": {"score": 7.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-18T00:04:10", "description": "According to the version of the wpa_supplicant package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : wpa_supplicant (EulerOS-SA-2020-1981)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1981.NASL", "href": "https://www.tenable.com/plugins/nessus/140351", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140351);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12695\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : wpa_supplicant (EulerOS-SA-2020-1981)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification\n before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different\n network segment than the fully qualified\n event-subscription URL, aka the CallStranger\n issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1981\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8ac7aba5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-9.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-06-23T15:09:50", "description": "According to the version of the wpa_supplicant package installed, the EulerOS installation on the 
remote host is affected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-10-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : wpa_supplicant (EulerOS-SA-2020-2276)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2276.NASL", "href": "https://www.tenable.com/plugins/nessus/142089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142089);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12695\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : wpa_supplicant (EulerOS-SA-2020-2276)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The Open Connectivity Foundation UPnP specification\n before 2020-04-17 does 
not forbid the acceptance of a\n subscription request with a delivery URL on a different\n network segment than the fully qualified\n event-subscription URL, aka the CallStranger\n issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2276\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d755d80\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-9.h7.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-06-23T15:11:45", "description": "According to the version of the wpa_supplicant package installed, the EulerOS Virtualization 
installation on the remote host is affected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : wpa_supplicant (EulerOS-SA-2020-2477)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2020-2477.NASL", "href": "https://www.tenable.com/plugins/nessus/142553", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142553);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12695\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : wpa_supplicant (EulerOS-SA-2020-2477)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following 
vulnerability :\n\n - The Open Connectivity Foundation UPnP specification\n before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different\n network segment than the fully qualified\n event-subscription URL, aka the CallStranger\n issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2477\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?65e3f8e6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-9.h7.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:44:20", "description": "According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network 
segment than the fully qualified event-subscription URL, aka the CallStranger issue.(CVE-2020-12695)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2021-1131)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2021-01-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1131.NASL", "href": "https://www.tenable.com/plugins/nessus/145214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145214);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2020-12695\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2021-1131)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wpa_supplicant package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The Open Connectivity Foundation UPnP specification\n before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different\n network segment than the fully qualified\n event-subscription URL, aka the CallStranger\n issue.(CVE-2020-12695)\n\nNote that Tenable Network 
Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1131\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?949bf168\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-5.1.h12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:44:23", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in 
the ALSA-2021:1789 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : gssdp and gupnp (ALSA-2021:1789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:gssdp", "p-cpe:/a:alma:linux:gssdp-devel", "p-cpe:/a:alma:linux:gssdp-docs", "p-cpe:/a:alma:linux:gupnp-devel", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-1789.NASL", "href": "https://www.tenable.com/plugins/nessus/157724", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:1789.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157724);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2020-12695\");\n script_xref(name:\"ALSA\", value:\"2021:1789\");\n\n script_name(english:\"AlmaLinux 8 : gssdp and gupnp (ALSA-2021:1789)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2021:1789 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the
acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-1789.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gssdp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gssdp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gssdp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gupnp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-devel-1.0.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gssdp-docs-1.0.5-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gupnp-devel-1.0.6-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n 
var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gssdp / gssdp-devel / gssdp-docs / gupnp-devel');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-12T15:11:32", "description": "Two vulnerabilities were found in the WPA protocol implementation found in wpa_supplication (station) and hostapd (access point).\n\n - CVE-2019-13377 A timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves could be used by an attacker to retrieve the password.\n\n - CVE-2019-16275 Insufficient source address validation for 
some received Management frames in hostapd could lead to a denial of service for stations associated to an access point. An attacker in radio range of the access point could inject a specially constructed unauthenticated IEEE 802.11 frame to the access point to cause associated stations to be disconnected and require a reconnection to the network.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-09-30T00:00:00", "type": "nessus", "title": "Debian DSA-4538-1 : wpa - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13377", "CVE-2019-16275"], "modified": "2019-12-23T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:wpa:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-4538.NASL", "href": "https://www.tenable.com/plugins/nessus/129416", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4538. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129416);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2019-13377\", \"CVE-2019-16275\");\n script_xref(name:\"DSA\", value:\"4538\");\n\n script_name(english:\"Debian DSA-4538-1 : wpa - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were found in the WPA protocol implementation\nfound in wpa_supplication (station) and hostapd (access point).\n\n - CVE-2019-13377\n A timing-based side-channel attack against WPA3's\n Dragonfly handshake when using Brainpool curves could be\n used by an attacker to retrieve the password.\n\n - CVE-2019-16275\n Insufficient source address validation for some received\n Management frames in hostapd could lead to a denial of\n service for stations associated to an access point. 
An\n attacker in radio range of the access point could inject\n a specially constructed unauthenticated IEEE 802.11\n frame to the access point to cause associated stations\n to be disconnected and require a reconnection to the\n network.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-16275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4538\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wpa packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2:2.7+git20190128+0c1e29f-6+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13377\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpa\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"hostapd\", reference:\"2:2.7+git20190128+0c1e29f-6+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wpagui\", reference:\"2:2.7+git20190128+0c1e29f-6+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wpasupplicant\", reference:\"2:2.7+git20190128+0c1e29f-6+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wpasupplicant-udeb\", reference:\"2:2.7+git20190128+0c1e29f-6+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-10T16:02:14", "description": "This update for wpa_supplicant fixes the following issues :\n\nCVE-2021-0326: P2P group information processing 
vulnerability (bsc#1181777).\n\nCVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2021:0478-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275", "CVE-2021-0326"], "modified": "2021-02-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:wpa_supplicant", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0478-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146523", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0478-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146523);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2019-16275\", \"CVE-2021-0326\");\n\n script_name(english:\"SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2021:0478-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\nCVE-2021-0326: P2P group information processing vulnerability\n(bsc#1181777).\n\nCVE-2019-16275: AP mode PMF 
disconnection protection bypass\n(bsc#1150934)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16275/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-0326/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210478-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5225d65f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-478=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-478=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-478=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2021-478=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2021-478=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-478=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-478=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2021-478=1\n\nSUSE Linux Enterprise Server 
12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-478=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-478=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-478=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-478=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-478=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2021-478=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"wpa_supplicant-2.6-15.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"wpa_supplicant-debuginfo-2.6-15.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"wpa_supplicant-debugsource-2.6-15.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wpa_supplicant-2.6-15.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wpa_supplicant-debuginfo-2.6-15.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wpa_supplicant-debugsource-2.6-15.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wpa_supplicant-2.6-15.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wpa_supplicant-debuginfo-2.6-15.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wpa_supplicant-debugsource-2.6-15.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-15T14:48:20", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has gupnp packages installed that are affected by multiple vulnerabilities:\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. 
A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. (CVE-2021-33516)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : gupnp Multiple Vulnerabilities (NS-SA-2022-0060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2021-33516"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:gupnp", "p-cpe:/a:zte:cgsl_main:gupnp-debuginfo", "p-cpe:/a:zte:cgsl_main:gupnp-debugsource", "p-cpe:/a:zte:cgsl_main:gupnp-devel", "p-cpe:/a:zte:cgsl_main:gupnp-docs", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0060_GUPNP.NASL", "href": "https://www.tenable.com/plugins/nessus/160727", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0060. 
The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160727);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2021-33516\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : gupnp Multiple Vulnerabilities (NS-SA-2022-0060)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has gupnp packages installed that are affected by multiple\nvulnerabilities:\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A\n remote web server can exploit this vulnerability to trick a victim's browser into triggering actions\n against local UPnP services implemented using this library. Depending on the affected service, this could\n be used for data exfiltration, data tempering, etc. (CVE-2021-33516)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0060\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-12695\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-33516\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL gupnp packages. 
Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33516\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gupnp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gupnp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gupnp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gupnp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gupnp-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'gupnp-1.0.6-2.el8_4',\n 'gupnp-debuginfo-1.0.6-2.el8_4',\n 'gupnp-debugsource-1.0.6-2.el8_4',\n 'gupnp-devel-1.0.6-2.el8_4',\n 'gupnp-docs-1.0.6-2.el8_4'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gupnp');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-06-23T15:14:18", "description": "It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. 
In addition minidlna was susceptible to the 'CallStranger' UPnP vulnerability.\n\nFor Debian 9 stretch, these problems have been fixed in version 1.1.6+dfsg-1+deb9u1.\n\nWe recommend that you upgrade your minidlna packages.\n\nFor the detailed security status of minidlna please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/minidlna\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-11T00:00:00", "type": "nessus", "title": "Debian DLA-2489-1 : minidlna security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:minidlna", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2489.NASL", "href": "https://www.tenable.com/plugins/nessus/144092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2489-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144092);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2020-28926\");\n\n script_name(english:\"Debian DLA-2489-1 : minidlna security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that missing input validation in minidlna, a\nlightweight DLNA/UPnP-AV server could result in the execution of\narbitrary code. In addition minidlna was susceptible to the\n'CallStranger' UPnP vulnerability.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.1.6+dfsg-1+deb9u1.\n\nWe recommend that you upgrade your minidlna packages.\n\nFor the detailed security status of minidlna please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/minidlna\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/minidlna\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/minidlna\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected minidlna package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minidlna\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"minidlna\", reference:\"1.1.6+dfsg-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-06-23T15:13:47", "description": "It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the'CallStranger' UPnP vulnerability.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "Debian DSA-4806-1 : minidlna - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:minidlna", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4806.NASL", "href": "https://www.tenable.com/plugins/nessus/143544", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4806. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143544);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2020-28926\");\n script_xref(name:\"DSA\", value:\"4806\");\n\n script_name(english:\"Debian DSA-4806-1 : minidlna - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that missing input validation in minidlna, a\nlightweight DLNA/UPnP-AV server could result in the execution of\narbitrary code. In addition minidlna was susceptible to\nthe'CallStranger' UPnP vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/minidlna\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/minidlna\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4806\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the minidlna packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 1.2.1+dfsg-2+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minidlna\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"minidlna\", reference:\"1.2.1+dfsg-2+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-06-23T15:15:31", "description": "This update for minidlna fixes the following issues :\n\nminidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n\n - Use $USER instead of $LOGNAME for the default friendly name.\n\n - Fixed build with GCC 10\n\n - Fixed some warnings from newer compilers\n\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n\n - Validate SUBSCRIBE callback URL. 
[CVE-2020-12695]\n\n - Fixed spurious warnings with ogg coverart\n\n - Fixed an issue with VLC where browse results would be truncated.\n\n - Fixed bookmarks on Samsung Q series\n\n - Added DSD file support.\n\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n\n - Will now reload the log file on SIGHUP.\n\n - Worked around bad SearchCriteria from the Control4 Android app.\n\n - Increased max supported network addresses to 8.\n\n - Added forced alphasort capability.\n\n - Added episode season and number metadata support.\n\n - Enabled subtitles by default for unknown DLNA clients, and add enable_subtitles config option.\n\n - Fixed discovery when connected to certain WiFi routers.\n\n - Added FreeBSD kqueue support.\n\n - Added the ability to set the group to run as.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : minidlna (openSUSE-2020-2160)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:minidlna", "p-cpe:/a:novell:opensuse:minidlna-debuginfo", "p-cpe:/a:novell:opensuse:minidlna-debugsource", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2160.NASL", "href": "https://www.tenable.com/plugins/nessus/143514", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2160.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143514);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2020-28926\");\n\n script_name(english:\"openSUSE Security Update : minidlna (openSUSE-2020-2160)\");\n 
script_summary(english:\"Check for the openSUSE-2020-2160 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for minidlna fixes the following issues :\n\nminidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n\n - Use $USER instead of $LOGNAME for the default friendly\n name.\n\n - Fixed build with GCC 10\n\n - Fixed some warnings from newer compilers\n\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n\n - Fixed spurious warnings with ogg coverart\n\n - Fixed an issue with VLC where browse results would be\n truncated.\n\n - Fixed bookmarks on Samsung Q series\n\n - Added DSD file support.\n\n - Fixed potential stack smash vulnerability in\n getsyshwaddr on macOS.\n\n - Will now reload the log file on SIGHUP.\n\n - Worked around bad SearchCriteria from the Control4\n Android app.\n\n - Increased max supported network addresses to 8.\n\n - Added forced alphasort capability.\n\n - Added episode season and number metadata support.\n\n - Enabled subtitles by default for unknown DLNA clients,\n and add enable_subtitles config option.\n\n - Fixed discovery when connected to certain WiFi routers.\n\n - Added FreeBSD kqueue support.\n\n - Added the ability to set the group to run as.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179447\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected minidlna packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"minidlna-1.3.0-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"minidlna-debuginfo-1.3.0-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"minidlna-debugsource-1.3.0-lp152.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"minidlna / minidlna-debuginfo / minidlna-debugsource\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-06-23T15:14:23", "description": "This update for minidlna fixes the following issues :\n\nminidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n\n - Use $USER instead of $LOGNAME for the default friendly name.\n\n - Fixed build with GCC 10\n\n - Fixed some warnings from newer compilers\n\n - Disallow 
negative HTTP chunk lengths. [CVE-2020-28926]\n\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n\n - Fixed spurious warnings with ogg coverart\n\n - Fixed an issue with VLC where browse results would be truncated.\n\n - Fixed bookmarks on Samsung Q series\n\n - Added DSD file support.\n\n - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.\n\n - Will now reload the log file on SIGHUP.\n\n - Worked around bad SearchCriteria from the Control4 Android app.\n\n - Increased max supported network addresses to 8.\n\n - Added forced alphasort capability.\n\n - Added episode season and number metadata support.\n\n - Enabled subtitles by default for unknown DLNA clients, and add enable_subtitles config option.\n\n - Fixed discovery when connected to certain WiFi routers.\n\n - Added FreeBSD kqueue support.\n\n - Added the ability to set the group to run as.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : minidlna (openSUSE-2020-2194)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:minidlna", "p-cpe:/a:novell:opensuse:minidlna-debuginfo", "p-cpe:/a:novell:opensuse:minidlna-debugsource", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2194.NASL", "href": "https://www.tenable.com/plugins/nessus/143548", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2194.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143548);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2020-28926\");\n\n 
script_name(english:\"openSUSE Security Update : minidlna (openSUSE-2020-2194)\");\n script_summary(english:\"Check for the openSUSE-2020-2194 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for minidlna fixes the following issues :\n\nminidlna was updated to version 1.3.0 (boo#1179447)\n\n - Fixed some build warnings when building with musl.\n\n - Use $USER instead of $LOGNAME for the default friendly\n name.\n\n - Fixed build with GCC 10\n\n - Fixed some warnings from newer compilers\n\n - Disallow negative HTTP chunk lengths. [CVE-2020-28926]\n\n - Validate SUBSCRIBE callback URL. [CVE-2020-12695]\n\n - Fixed spurious warnings with ogg coverart\n\n - Fixed an issue with VLC where browse results would be\n truncated.\n\n - Fixed bookmarks on Samsung Q series\n\n - Added DSD file support.\n\n - Fixed potential stack smash vulnerability in\n getsyshwaddr on macOS.\n\n - Will now reload the log file on SIGHUP.\n\n - Worked around bad SearchCriteria from the Control4\n Android app.\n\n - Increased max supported network addresses to 8.\n\n - Added forced alphasort capability.\n\n - Added episode season and number metadata support.\n\n - Enabled subtitles by default for unknown DLNA clients,\n and add enable_subtitles config option.\n\n - Fixed discovery when connected to certain WiFi routers.\n\n - Added FreeBSD kqueue support.\n\n - Added the ability to set the group to run as.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179447\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected minidlna packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:minidlna-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"minidlna-1.3.0-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"minidlna-debuginfo-1.3.0-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"minidlna-debugsource-1.3.0-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"minidlna / minidlna-debuginfo / minidlna-debugsource\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-07-15T14:47:32", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4722-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on 
a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. (CVE-2020-28926)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : ReadyMedia (MiniDLNA) vulnerabilities (USN-4722-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:minidlna"], "id": "UBUNTU_USN-4722-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146209", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4722-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146209);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2020-28926\");\n script_xref(name:\"USN\", value:\"4722-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : ReadyMedia (MiniDLNA) vulnerabilities (USN-4722-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has a package installed that is affected by multiple\nvulnerabilities as referenced in the USN-4722-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP\n HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in\n a buffer overflow in calls to memcpy/memmove. 
(CVE-2020-28926)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4722-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected minidlna package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28926\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:minidlna\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2022 Canonical, Inc. 
/ NASL script (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'minidlna', 'pkgver': '1.1.5+dfsg-2ubuntu0.1'},\n {'osver': '18.04', 'pkgname': 'minidlna', 'pkgver': '1.2.1+dfsg-1ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'minidlna', 'pkgver': '1.2.1+dfsg-1ubuntu0.20.04.1'},\n {'osver': '20.10', 'pkgname': 'minidlna', 'pkgver': '1.2.1+dfsg-2ubuntu0.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'minidlna');\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-08-10T16:01:33", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4734-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check.\n This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation. Product:\n Android Versions: Android-10 Android-11 Android-8.1 Android-9 Android ID: A-172937525 (CVE-2021-0326)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : wpa_supplicant and hostapd vulnerabilities (USN-4734-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326"], "modified": "2021-02-19T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:hostapd", "p-cpe:/a:canonical:ubuntu_linux:wpagui", "p-cpe:/a:canonical:ubuntu_linux:wpasupplicant", "p-cpe:/a:canonical:ubuntu_linux:wpasupplicant-udeb"], "id": "UBUNTU_USN-4734-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/146437", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4734-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146437);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2021-0326\");\n script_xref(name:\"USN\", value:\"4734-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : wpa_supplicant and hostapd vulnerabilities (USN-4734-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4734-1 advisory.\n\n - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a\n subscription request with a delivery URL on a different network segment than the fully qualified event-\n subscription URL, aka the CallStranger issue. (CVE-2020-12695)\n\n - In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check.\n This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no\n additional execution privileges needed. 
User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 (CVE-2021-0326)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4734-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-0326\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:wpagui\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:wpasupplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:wpasupplicant-udeb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'hostapd', 'pkgver': '1:2.4-0ubuntu6.7'},\n {'osver': '16.04', 'pkgname': 'wpagui', 'pkgver': '2.4-0ubuntu6.7'},\n {'osver': '16.04', 'pkgname': 'wpasupplicant', 'pkgver': '2.4-0ubuntu6.7'},\n {'osver': '16.04', 'pkgname': 'wpasupplicant-udeb', 'pkgver': '2.4-0ubuntu6.7'},\n {'osver': '18.04', 'pkgname': 'hostapd', 'pkgver': '2:2.6-15ubuntu2.7'},\n {'osver': '18.04', 'pkgname': 'wpagui', 'pkgver': '2:2.6-15ubuntu2.7'},\n {'osver': '18.04', 'pkgname': 'wpasupplicant', 'pkgver': '2:2.6-15ubuntu2.7'},\n {'osver': '18.04', 'pkgname': 'wpasupplicant-udeb', 'pkgver': '2:2.6-15ubuntu2.7'},\n {'osver': '20.04', 'pkgname': 'hostapd', 'pkgver': '2:2.9-1ubuntu4.2'},\n {'osver': '20.04', 'pkgname': 'wpagui', 'pkgver': '2:2.9-1ubuntu4.2'},\n {'osver': '20.04', 'pkgname': 'wpasupplicant', 'pkgver': '2:2.9-1ubuntu4.2'},\n {'osver': '20.04', 'pkgname': 'wpasupplicant-udeb', 'pkgver': '2:2.9-1ubuntu4.2'},\n {'osver': '20.10', 'pkgname': 'hostapd', 'pkgver': '2:2.9-1ubuntu8.1'},\n {'osver': '20.10', 'pkgname': 'wpagui', 'pkgver': '2:2.9-1ubuntu8.1'},\n {'osver': '20.10', 'pkgname': 'wpasupplicant', 'pkgver': '2:2.9-1ubuntu8.1'},\n {'osver': '20.10', 'pkgname': 'wpasupplicant-udeb', 'pkgver': '2:2.9-1ubuntu8.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'hostapd / wpagui / wpasupplicant / wpasupplicant-udeb');\n}", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-18T00:00:54", "description": "The following CVE(s) have been reported against src:wpa.\n\nCVE-2019-10064\n\nhostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.\n\nCVE-2020-12695\n\nThe Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.\n\nFor Debian 9 stretch, these problems have been fixed in version 2:2.4-1+deb9u7.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}, "published": "2020-08-10T00:00:00", "type": "nessus", "title": "Debian DLA-2318-1 : wpa security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10743", "CVE-2019-10064", "CVE-2020-12695"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:hostapd", "p-cpe:/a:debian:debian_linux:wpagui", "p-cpe:/a:debian:debian_linux:wpasupplicant", "p-cpe:/a:debian:debian_linux:wpasupplicant-udeb", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2318.NASL", "href": "https://www.tenable.com/plugins/nessus/139429", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2318-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139429);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2019-10064\", \"CVE-2020-12695\");\n\n script_name(english:\"Debian DLA-2318-1 : wpa security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The following CVE(s) have been reported against src:wpa.\n\nCVE-2019-10064\n\nhostapd before 2.6, in EAP mode, makes calls to the rand() and\nrandom() standard library functions without any preceding srand() or\nsrandom() call, which results in inappropriate use of deterministic\nvalues. 
This was fixed in conjunction with CVE-2016-10743.\n\nCVE-2020-12695\n\nThe Open Connectivity Foundation UPnP specification before 2020-04-17\ndoes not forbid the acceptance of a subscription request with a\ndelivery URL on a different network segment than the fully qualified\nevent-subscription URL, aka the CallStranger issue.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:2.4-1+deb9u7.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/wpa\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/wpa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12695\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpagui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpasupplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpasupplicant-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hostapd\", reference:\"2:2.4-1+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpagui\", reference:\"2:2.4-1+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpasupplicant\", reference:\"2:2.4-1+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wpasupplicant-udeb\", reference:\"2:2.4-1+deb9u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n 
exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-08-10T16:14:20", "description": "Several vulnerabilities have been discovered in wpa_supplicant and hostapd.\n\n - CVE-2020-12695 It was discovered that hostapd does not properly handle UPnP subscribe messages under certain conditions, allowing an attacker to cause a denial of service.\n\n - CVE-2021-0326 It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) group information from active group owners. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code.\n\n - CVE-2021-27803 It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) provision discovery requests.\n An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-23T00:00:00", "type": "nessus", "title": "Debian DSA-4898-1 : wpa - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326", "CVE-2021-27803"], "modified": "2021-04-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wpa", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4898.NASL", "href": "https://www.tenable.com/plugins/nessus/148967", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4898. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148967);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/27\");\n\n script_cve_id(\"CVE-2020-12695\", \"CVE-2021-0326\", \"CVE-2021-27803\");\n script_xref(name:\"DSA\", value:\"4898\");\n\n script_name(english:\"Debian DSA-4898-1 : wpa - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in wpa_supplicant and\nhostapd.\n\n - CVE-2020-12695\n It was discovered that hostapd does not properly handle\n UPnP subscribe messages under certain conditions,\n allowing an attacker to cause a denial of service.\n\n - CVE-2021-0326\n It was discovered that wpa_supplicant does not properly\n process P2P (Wi-Fi Direct) group information from active\n group owners. 
An attacker within radio range of the\n device running P2P could take advantage of this flaw to\n cause a denial of service or potentially execute\n arbitrary code.\n\n - CVE-2021-27803\n It was discovered that wpa_supplicant does not properly\n process P2P (Wi-Fi Direct) provision discovery requests.\n An attacker within radio range of the device running P2P\n could take advantage of this flaw to cause a denial of\n service or potentially execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-12695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-0326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-27803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/wpa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4898\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the wpa packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2:2.7+git20190128+0c1e29f-6+deb10u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-0326\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wpa\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"hostapd\", reference:\"2:2.7+git20190128+0c1e29f-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wpagui\", reference:\"2:2.7+git20190128+0c1e29f-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wpasupplicant\", reference:\"2:2.7+git20190128+0c1e29f-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wpasupplicant-udeb\", 
reference:\"2:2.7+git20190128+0c1e29f-6+deb10u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-16T14:20:45", "description": "According to the versions of the wpa_supplicant package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.(CVE-2019-16275)\n\n - The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service).\n This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.(CVE-2019-11555)\n\n - The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. 
Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.(CVE-2019-9499)\n\n - The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.(CVE-2019-9498)\n\n - The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange.\n Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.(CVE-2019-9497)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : wpa_supplicant (EulerOS-SA-2020-1073)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11555", "CVE-2019-16275", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wpa_supplicant", "cpe:/o:huawei:euleros:uvp:3.0.5.0"], "id": "EULEROS_SA-2020-1073.NASL", "href": "https://www.tenable.com/plugins/nessus/132827", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132827);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-11555\",\n \"CVE-2019-16275\",\n \"CVE-2019-9497\",\n \"CVE-2019-9498\",\n \"CVE-2019-9499\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : wpa_supplicant (EulerOS-SA-2020-1073)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the wpa_supplicant package installed,\nthe EulerOS Virtualization for ARM 64 installation on the remote host\nis affected by the following vulnerabilities :\n\n - hostapd before 2.10 and wpa_supplicant before 2.10\n allow an incorrect indication of disconnection in\n certain situations because source address validation is\n mishandled. 
This is a denial of service that should\n have been prevented by PMF (aka management frame\n protection). The attacker must send a crafted 802.11\n frame from a location that is within the 802.11\n communications range.(CVE-2019-16275)\n\n - The EAP-pwd implementation in hostapd (EAP server)\n before 2.8 and wpa_supplicant (EAP peer) before 2.8\n does not validate fragmentation reassembly state\n properly for a case where an unexpected fragment could\n be received. This could result in process termination\n due to a NULL pointer dereference (denial of service).\n This affects eap_server/eap_server_pwd.c and\n eap_peer/eap_pwd.c.(CVE-2019-11555)\n\n - The implementations of EAP-PWD in wpa_supplicant EAP\n Peer, when built against a crypto library missing\n explicit validation on imported elements, do not\n validate the scalar and element values in\n EAP-pwd-Commit. An attacker may complete\n authentication, session key and control of the data\n connection with a client. Both hostapd with SAE support\n and wpa_supplicant with SAE support prior to and\n including version 2.4 are affected. Both hostapd with\n EAP-pwd support and wpa_supplicant with EAP-pwd support\n prior to and including version 2.7 are\n affected.(CVE-2019-9499)\n\n - The implementations of EAP-PWD in hostapd EAP Server,\n when built against a crypto library missing explicit\n validation on imported elements, do not validate the\n scalar and element values in EAP-pwd-Commit. An\n attacker may be able to use invalid scalar/element\n values to complete authentication, gaining session key\n and network access without needing or learning the\n password. Both hostapd with SAE support and\n wpa_supplicant with SAE support prior to and including\n version 2.4 are affected. 
Both hostapd with EAP-pwd\n support and wpa_supplicant with EAP-pwd support prior\n to and including version 2.7 are\n affected.(CVE-2019-9498)\n\n - The implementations of EAP-PWD in hostapd EAP Server\n and wpa_supplicant EAP Peer do not validate the scalar\n and element values in EAP-pwd-Commit. This\n vulnerability may allow an attacker to complete EAP-PWD\n authentication without knowing the password. However,\n unless the crypto library does not implement additional\n checks for the EC point, the attacker will not be able\n to derive the session key or complete the key exchange.\n Both hostapd with SAE support and wpa_supplicant with\n SAE support prior to and including version 2.4 are\n affected. Both hostapd with EAP-pwd support and\n wpa_supplicant with EAP-pwd support prior to and\n including version 2.7 are affected.(CVE-2019-9497)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1073\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a71b0ec\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wpa_supplicant packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"wpa_supplicant-2.6-17.h4.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-15T12:41:30", "description": "This update for wpa_supplicant fixes the following issues :\n\nwpa_supplicant was updated to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured (eap_pwd_groups)\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm identity\n\n - fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS v1.3\n\n - fixed a regression in WMM parameter configuration for a TDLS peer\n\n - fixed a regression in operation with drivers that offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes\n\n - do not regenerate PWE 
unnecessarily when the AP uses the anti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256)\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the one AP supports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and 
domain_suffix_match to allow list of values\n\n - fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key authentication\n\n - added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit 
level\n\n - fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate selection\n\n - added option to configure allowed group management cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of the WPA2 PSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain 
interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request frame when using FT protocol\n\nLimit P2P_DEVICE name to appropriate ifname size.\n\nEnable SAE support(jsc#SLE-14992).\n\nCVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934)\n\nFix wicked wlan (bsc#1156920)\n\nStill include fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\nChange wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (bsc#1166933)\n\nAdjust the service to start after network.target wrt bsc#1165266\n\nUsing O_WRONLY flag [http://w1.fi/security/2015-5/] (CVE-2015-8041)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2020:3424-1) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8041", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526", "CVE-2019-11555", "CVE-2019-13377", "CVE-2019-16275", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2020-12-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:wpa_supplicant", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3424-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143704", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3424-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143704);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2015-8041\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2018-14526\", \"CVE-2019-11555\", \"CVE-2019-13377\", \"CVE-2019-16275\", \"CVE-2019-9494\", \"CVE-2019-9495\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n\n script_name(english:\"SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2020:3424-1) (KRACK)\");\n 
script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\nwpa_supplicant was updated to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured\n (eap_pwd_groups)\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using\n PMKSA caching (disabled by default for backwards\n compatibility; can be enabled with\n ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response\n frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use\n with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm\n identity\n\n - fixed Hotspot 2.0 credential selection based on roaming\n consortium to ignore credentials without a specific EAP\n method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS\n v1.3\n\n - fixed a regression in WMM parameter configuration for a\n TDLS peer\n\n - fixed a regression in operation with drivers that\n offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19,\n 20, 21 (i.e., disable 
groups 25 and 26) and disable all\n unsuitable groups completely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the\n anti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE\n were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are\n enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new\n implementation guidance in REVmd (allow only FFC groups\n with prime >= 3072 bits and ECC groups with prime >=\n 256)\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-1/]\n (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-2/]\n (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element\n [https://w1.fi/security/2019-4/] (CVE-2019-9497,\n CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872,\n bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment\n [https://w1.fi/security/2019-5/] (CVE-2019-11555,\n bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups\n 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update\n [https://w1.fi/security/2019-6/] (CVE-2019-13377,\n bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without\n CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the\n one AP supports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created\n from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation\n (CONFIG_OCV=y and network profile parameter 
ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - fixed dNSName matching in domain_match and\n domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192\n AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to\n support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of\n PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based\n drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and\n PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address\n use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added\n automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface\n (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - added a RSN workaround for misbehaving PMF APs that\n advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and\n key reinstallation [https://w1.fi/security/2017-1/]\n (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in\n wpa_supplicant [https://w1.fi/security/2018-1/]\n (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key\n authentication\n\n - added support for OWE (Opportunistic 
Wireless\n Encryption, RFC 8110; and transition mode defined by\n WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning\n Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit\n level\n\n - fixed Suite B PMKSA caching not to update PMKID during\n each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired\n signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux\n kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA\n cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS\n queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into\n Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate\n selection\n\n - added option to configure allowed group management\n cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression\n with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake\n into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of\n the WPA2 PSK/passphrase\n\n - 
fixed PTK and EAPOL-Key integrity and key-wrap algorithm\n selection for SAE; note: this is not backwards\n compatible, i.e., both the AP and station side\n implementations will need to be update at the same time\n to maintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata\n ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully\n functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256,\n BIP-GMAC-128, BIP-GMAC-256 in addition to previously\n supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request\n frame when using FT protocol\n\nLimit P2P_DEVICE name to appropriate ifname size.\n\nEnable SAE support(jsc#SLE-14992).\n\nCVE-2019-16275: AP mode PMF disconnection protection bypass\n(bsc#1150934)\n\nFix wicked wlan (bsc#1156920)\n\nStill include fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\nChange wpa_supplicant.service to ensure wpa_supplicant gets started\nbefore network. Fix WLAN config on boot with wicked. (bsc#1166933)\n\nAdjust the service to start after network.target wrt bsc#1165266\n\nUsing O_WRONLY flag [http://w1.fi/security/2015-5/] (CVE-2015-8041)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://w1.fi/security/2015-5/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2017-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2018-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://w1.fi/security/2019-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-2/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-4/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-5/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-6/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8041/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13082/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13086/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11555/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13377/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16275/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9494/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9495/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9497/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9498/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9499/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203424-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?87df2f82\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3424=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9499\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"wpa_supplicant-2.9-23.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"wpa_supplicant-debuginfo-2.9-23.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"wpa_supplicant-debugsource-2.9-23.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-15T12:45:31", "description": "This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass (bsc#1150934).\n\nNon-security issues fixed :\n\n - Enable SAE support (jsc#SLE-14992).\n\n - Limit P2P_DEVICE name to appropriate ifname size.\n\n - Fix wicked wlan (bsc#1156920)\n\n - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\n - With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)\n\n - Fix WLAN config on boot with wicked. 
(bsc#1166933)\n\n - Update to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured (eap_pwd_groups)\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm identity\n\n - fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS v1.3\n\n - fixed a regression in WMM parameter configuration for a TDLS peer\n\n - fixed a regression in operation with drivers that offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are enabled\n\n - 
started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256)\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the one AP supports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled\n\n - extended nl80211 Connect 
and external authentication to support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key authentication\n\n - added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit level\n\n - fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit 
validation\n\n - started to use estimated throughput to avoid undesired signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate selection\n\n - added option to configure allowed group management cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of the WPA2 PSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be updated at the same time to maintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added 
support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request frame when using FT protocol\n\n - Changed service-files for start after network (systemd-networkd).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : wpa_supplicant (openSUSE-2020-2053) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4141", "CVE-2015-4142", "CVE-2015-4143", "CVE-2015-8041", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526", "CVE-2019-11555", "CVE-2019-13377", "CVE-2019-16275", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2020-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wpa_supplicant", "p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo", "p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource", "p-cpe:/a:novell:opensuse:wpa_supplicant-gui", "p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2053.NASL", "href": "https://www.tenable.com/plugins/nessus/143321", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2053.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143321);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/02\");\n\n script_cve_id(\"CVE-2015-4141\", \"CVE-2015-4142\", \"CVE-2015-4143\", \"CVE-2015-8041\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2018-14526\", \"CVE-2019-11555\", \"CVE-2019-13377\", \"CVE-2019-16275\", \"CVE-2019-9494\", \"CVE-2019-9495\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n\n script_name(english:\"openSUSE Security Update : wpa_supplicant (openSUSE-2020-2053) (KRACK)\");\n script_summary(english:\"Check for the openSUSE-2020-2053 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-16275: Fixed an AP mode PMF disconnection\n protection bypass (bsc#1150934).\n\nNon-security issues fixed :\n\n - Enable SAE support (jsc#SLE-14992).\n\n - Limit P2P_DEVICE name to appropriate ifname size.\n\n - Fix wicked wlan (bsc#1156920)\n\n - Restore fi.epitest.hostap.WPASupplicant.service\n (bsc#1167331)\n\n - With v2.9 fi.epitest.hostap.WPASupplicant.service is\n obsolete (bsc#1167331)\n\n - Fix WLAN config on boot with wicked. 
(bsc#1166933)\n\n - Update to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured\n (eap_pwd_groups)\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using\n PMKSA caching (disabled by default for backwards\n compatibility; can be enabled with\n ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response\n frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use\n with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm\n identity\n\n - fixed Hotspot 2.0 credential selection based on roaming\n consortium to ignore credentials without a specific EAP\n method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS\n v1.3\n\n - fixed a regression in WMM parameter configuration for a\n TDLS peer\n\n - fixed a regression in operation with drivers that\n offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19,\n 20, 21 (i.e., disable groups 25 and 26) and disable all\n unsuitable groups completely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the\n anti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE\n were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE 
over SAE AKM if both are\n enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new\n implementation guidance in REVmd (allow only FFC groups\n with prime >= 3072 bits and ECC groups with prime >=\n 256)\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-1/]\n (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-2/]\n (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element\n [https://w1.fi/security/2019-4/] (CVE-2019-9497,\n CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872,\n bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment\n [https://w1.fi/security/2019-5/] (CVE-2019-11555,\n bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups\n 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update\n [https://w1.fi/security/2019-6/] (CVE-2019-13377,\n bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without\n CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the\n one AP supports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created\n from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation\n (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - fixed dNSName matching in domain_match and\n domain_suffix_match when using wolfSSL\n\n - started to prefer 
FT-EAP-SHA384 over WPA-EAP-SUITE-B-192\n AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to\n support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of\n PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based\n drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and\n PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address\n use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added\n automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface\n (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - added a RSN workaround for misbehaving PMF APs that\n advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and\n key reinstallation [https://w1.fi/security/2017-1/]\n (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in\n wpa_supplicant [https://w1.fi/security/2018-1/]\n (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key\n authentication\n\n - added support for OWE (Opportunistic Wireless\n Encryption, RFC 8110; and transition mode defined by\n WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning\n Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit\n level\n\n - fixed Suite B PMKSA caching not to update PMKID during\n each 4-way handshake\n\n - fixed EAP-pwd 
pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired\n signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux\n kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA\n cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS\n queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into\n Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate\n selection\n\n - added option to configure allowed group management\n cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression\n with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake\n into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of\n the WPA2 PSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm\n selection for SAE; note: this is not backwards\n compatible, i.e., both the AP and station side\n implementations will need to be update at the same time\n to maintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID 
matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata\n ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully\n functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256,\n BIP-GMAC-128, BIP-GMAC-256 in addition to previously\n supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request\n frame when using FT protocol\n\n - Changed service-files for start after network\n (systemd-networkd).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150934\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2017-1/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2018-1/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-1/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-2/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-4/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-5/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-6/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected wpa_supplicant packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9499\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"wpa_supplicant-2.9-lp151.5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"wpa_supplicant-debuginfo-2.9-lp151.5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"wpa_supplicant-debugsource-2.9-lp151.5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"wpa_supplicant-gui-2.9-lp151.5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"wpa_supplicant-gui-debuginfo-2.9-lp151.5.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant / wpa_supplicant-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-15T12:42:31", "description": "This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed 
:\n\n - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass (bsc#1150934).\n\nNon-security issues fixed :\n\n - Enable SAE support (jsc#SLE-14992).\n\n - Limit P2P_DEVICE name to appropriate ifname size.\n\n - Fix wicked wlan (bsc#1156920)\n\n - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\n - With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)\n\n - Fix WLAN config on boot with wicked. (bsc#1166933)\n\n - Update to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured (eap_pwd_groups)\n\n - improved protection against side channel attacks [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm identity\n\n - fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS v1.3\n\n - fixed a regression in WMM parameter configuration for a TDLS peer\n\n - fixed a regression in operation with drivers that offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password 
Identifier\n\n - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256)\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the one AP supports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel 
validation (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key authentication\n\n - added support for 
OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit level\n\n - fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate selection\n\n - added option to configure allowed group management cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of the WPA2 PSK/passphrase\n\n - fixed PTK and 
EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request frame when using FT protocol\n\n - Changed service-files for start after network (systemd-networkd).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4141", "CVE-2015-4142", "CVE-2015-4143", "CVE-2015-8041", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526", "CVE-2019-11555", "CVE-2019-13377", "CVE-2019-16275", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2020-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wpa_supplicant", "p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo", "p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource", 
"p-cpe:/a:novell:opensuse:wpa_supplicant-gui", "p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2059.NASL", "href": "https://www.tenable.com/plugins/nessus/143304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2059.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143304);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/02\");\n\n script_cve_id(\"CVE-2015-4141\", \"CVE-2015-4142\", \"CVE-2015-4143\", \"CVE-2015-8041\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2018-14526\", \"CVE-2019-11555\", \"CVE-2019-13377\", \"CVE-2019-16275\", \"CVE-2019-9494\", \"CVE-2019-9495\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n\n script_name(english:\"openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK)\");\n script_summary(english:\"Check for the openSUSE-2020-2059 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-16275: Fixed an AP mode PMF disconnection\n protection bypass (bsc#1150934).\n\nNon-security issues fixed :\n\n - Enable SAE support (jsc#SLE-14992).\n\n - Limit P2P_DEVICE name to appropriate ifname size.\n\n - Fix wicked wlan (bsc#1156920)\n\n - Restore fi.epitest.hostap.WPASupplicant.service\n (bsc#1167331)\n\n - With v2.9 fi.epitest.hostap.WPASupplicant.service is\n obsolete (bsc#1167331)\n\n - Fix WLAN config on boot with 
wicked. (bsc#1166933)\n\n - Update to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured\n (eap_pwd_groups)\n\n - improved protection against side channel attacks\n [https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using\n PMKSA caching (disabled by default for backwards\n compatibility; can be enabled with\n ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response\n frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use\n with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm\n identity\n\n - fixed Hotspot 2.0 credential selection based on roaming\n consortium to ignore credentials without a specific EAP\n method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS\n v1.3\n\n - fixed a regression in WMM parameter configuration for a\n TDLS peer\n\n - fixed a regression in operation with drivers that\n offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19,\n 20, 21 (i.e., disable groups 25 and 26) and disable all\n unsuitable groups completely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the\n anti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE\n were enabled on both the station and the selected AP\n\n - started to prefer 
FT-SAE over SAE AKM if both are\n enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new\n implementation guidance in REVmd (allow only FFC groups\n with prime >= 3072 bits and ECC groups with prime >=\n 256)\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-1/]\n (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE\n derivation [https://w1.fi/security/2019-2/]\n (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element\n [https://w1.fi/security/2019-4/] (CVE-2019-9497,\n CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872,\n bsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment\n [https://w1.fi/security/2019-5/] (CVE-2019-11555,\n bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups\n 25, 26, and 27)\n\n - SAE/EAP-pwd side-channel attack update\n [https://w1.fi/security/2019-6/] (CVE-2019-13377,\n bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without\n CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the\n one AP supports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created\n from credentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation\n (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - fixed dNSName matching in domain_match and\n domain_suffix_match when using wolfSSL\n\n - started to prefer 
FT-EAP-SHA384 over WPA-EAP-SUITE-B-192\n AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to\n support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of\n PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based\n drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and\n PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address\n use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added\n automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface\n (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - added a RSN workaround for misbehaving PMF APs that\n advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and\n key reinstallation [https://w1.fi/security/2017-1/]\n (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in\n wpa_supplicant [https://w1.fi/security/2018-1/]\n (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key\n authentication\n\n - added support for OWE (Opportunistic Wireless\n Encryption, RFC 8110; and transition mode defined by\n WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning\n Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit\n level\n\n - fixed Suite B PMKSA caching not to update PMKID during\n each 4-way handshake\n\n - fixed EAP-pwd 
pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired\n signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux\n kernel macsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA\n cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS\n queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into\n Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate\n selection\n\n - added option to configure allowed group management\n cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression\n with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake\n into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of\n the WPA2 PSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm\n selection for SAE; note: this is not backwards\n compatible, i.e., both the AP and station side\n implementations will need to be update at the same time\n to maintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID 
matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata\n ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully\n functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256,\n BIP-GMAC-128, BIP-GMAC-256 in addition to previously\n supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request\n frame when using FT protocol\n\n - Changed service-files for start after network\n (systemd-networkd).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150934\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1166933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2017-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2018-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-2/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-4/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-5/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-6/]\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected wpa_supplicant packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9499\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wpa_supplicant-gui-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-2.9-lp152.8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-debuginfo-2.9-lp152.8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-debugsource-2.9-lp152.8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-gui-2.9-lp152.8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"wpa_supplicant-gui-debuginfo-2.9-lp152.8.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant / wpa_supplicant-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-15T12:38:23", "description": "This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed 
:\n\nCVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass (bsc#1150934).\n\nNon-security issues fixed :\n\nEnable SAE support (jsc#SLE-14992).\n\nLimit P2P_DEVICE name to appropriate ifname size.\n\nFix wicked wlan (bsc#1156920)\n\nRestore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\nWith v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)\n\nFix WLAN config on boot with wicked. (bsc#1166933)\n\nUpdate to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks\n\n[https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured (eap_pwd_groups)\n\n - improved protection against side channel attacks\n\n[https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm identity\n\n - fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS v1.3\n\n - fixed a regression in WMM parameter configuration for a TDLS peer\n\n - fixed a regression in operation with drivers that offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed 
default configuration to enable only groups 19, 20, 21\n\n(i.e., disable groups 25 and 26) and disable all unsuitable groups\n\ncompletely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the\n\nanti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new implementation\n\nguidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC\n\ngroups with prime >= 256)\n\n - minimize timing and memory use differences in PWE derivation\n\n[https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE derivation\n\n[https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element [https://w1.fi/security/2019-4/]\n\n(CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872,\n\nbsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment\n\n[https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits (groups 25, 26, and\n\n27)\n\n - SAE/EAP-pwd side-channel attack update\n\n[https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the one AP\n\nsupports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created from\n\ncredentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN 
operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow list of values\n\n - added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key authentication\n\n - 
added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit level\n\n - fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux kernel\n\nmacsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate selection\n\n - added option to configure allowed group management cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of the 
WPA2\n\nPSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection\n\nfor SAE; note: this is not backwards compatible, i.e., both the AP and\n\nstation side implementations will need to be update at the same time to\n\nmaintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,\n\nBIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request frame when\n\nusing FT protocol\n\nChanged service-files for start after network (systemd-networkd).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2020:3380-1) (KRACK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4141", "CVE-2015-4142", "CVE-2015-4143", "CVE-2015-8041", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088", "CVE-2018-14526", "CVE-2019-11555", "CVE-2019-13377", "CVE-2019-16275", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2020-12-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:wpa_supplicant", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo", "p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3380-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143627", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3380-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143627);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2015-4141\", \"CVE-2015-4142\", \"CVE-2015-4143\", \"CVE-2015-8041\", \"CVE-2017-13077\", \"CVE-2017-13078\", \"CVE-2017-13079\", \"CVE-2017-13080\", \"CVE-2017-13081\", \"CVE-2017-13082\", \"CVE-2017-13086\", \"CVE-2017-13087\", \"CVE-2017-13088\", \"CVE-2018-14526\", \"CVE-2019-11555\", \"CVE-2019-13377\", \"CVE-2019-16275\", \"CVE-2019-9494\", \"CVE-2019-9495\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n 
script_bugtraq_id(74549);\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2020:3380-1) (KRACK)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for wpa_supplicant fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass\n(bsc#1150934).\n\nNon-security issues fixed :\n\nEnable SAE support (jsc#SLE-14992).\n\nLimit P2P_DEVICE name to appropriate ifname size.\n\nFix wicked wlan (bsc#1156920)\n\nRestore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)\n\nWith v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete\n(bsc#1167331)\n\nFix WLAN config on boot with wicked. (bsc#1166933)\n\nUpdate to 2.9 release :\n\n - SAE changes\n\n - disable use of groups using Brainpool curves\n\n - improved protection against side channel attacks\n\n[https://w1.fi/security/2019-6/]\n\n - EAP-pwd changes\n\n - disable use of groups using Brainpool curves\n\n - allow the set of groups to be configured\n (eap_pwd_groups)\n\n - improved protection against side channel attacks\n\n[https://w1.fi/security/2019-6/]\n\n - fixed FT-EAP initial mobility domain association using\n PMKSA caching (disabled by default for backwards\n compatibility; can be enabled with\n ft_eap_pmksa_caching=1)\n\n - fixed a regression in OpenSSL 1.1+ engine loading\n\n - added validation of RSNE in (Re)Association Response\n frames\n\n - fixed DPP bootstrapping URI parser of channel list\n\n - extended EAP-SIM/AKA fast re-authentication to allow use\n with FILS\n\n - extended ca_cert_blob to support PEM format\n\n - improved robustness of P2P Action frame scheduling\n\n - added support for EAP-SIM/AKA using anonymous@realm\n identity\n\n - fixed Hotspot 2.0 credential 
selection based on roaming\n consortium to ignore credentials without a specific EAP\n method\n\n - added experimental support for EAP-TEAP peer (RFC 7170)\n\n - added experimental support for EAP-TLS peer with TLS\n v1.3\n\n - fixed a regression in WMM parameter configuration for a\n TDLS peer\n\n - fixed a regression in operation with drivers that\n offload 802.1X 4-way handshake\n\n - fixed an ECDH operation corner case with OpenSSL\n\n - SAE changes\n\n - added support for SAE Password Identifier\n\n - changed default configuration to enable only groups 19,\n 20, 21\n\n(i.e., disable groups 25 and 26) and disable all unsuitable groups\n\ncompletely based on REVmd changes\n\n - do not regenerate PWE unnecessarily when the AP uses the\n\nanti-clogging token mechanisms\n\n - fixed some association cases where both SAE and FT-SAE\n were enabled on both the station and the selected AP\n\n - started to prefer FT-SAE over SAE AKM if both are\n enabled\n\n - started to prefer FT-SAE over FT-PSK if both are enabled\n\n - fixed FT-SAE when SAE PMKSA caching is used\n\n - reject use of unsuitable groups based on new\n implementation\n\nguidance in REVmd (allow only FFC groups with prime >= 3072 bits and\nECC\n\ngroups with prime >= 256)\n\n - minimize timing and memory use differences in PWE\n derivation\n\n[https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)\n\n - EAP-pwd changes\n\n - minimize timing and memory use differences in PWE\n derivation\n\n[https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)\n\n - verify server scalar/element\n [https://w1.fi/security/2019-4/]\n\n(CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874,\nbsc#1131872,\n\nbsc#1131871, bsc#1131644)\n\n - fix message reassembly issue with unexpected fragment\n\n[https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)\n\n - enforce rand,mask generation rules more strictly\n\n - fix a memory leak in PWE derivation\n\n - disallow ECC groups with a prime under 256 bits 
(groups\n 25, 26, and\n\n27)\n\n - SAE/EAP-pwd side-channel attack update\n\n[https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)\n\n - fixed CONFIG_IEEE80211R=y (FT) build without\n CONFIG_FILS=y\n\n - Hotspot 2.0 changes\n\n - do not indicate release number that is higher than the\n one AP\n\nsupports\n\n - added support for release number 3\n\n - enable PMF automatically for network profiles created\n from\n\ncredentials\n\n - fixed OWE network profile saving\n\n - fixed DPP network profile saving\n\n - added support for RSN operating channel validation\n (CONFIG_OCV=y and network profile parameter ocv=1)\n\n - added Multi-AP backhaul STA support\n\n - fixed build with LibreSSL\n\n - number of MKA/MACsec fixes and extensions\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - fixed dNSName matching in domain_match and\n domain_suffix_match when using wolfSSL\n\n - started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192\n AKM if both are enabled\n\n - extended nl80211 Connect and external authentication to\n support SAE, FT-SAE, FT-EAP-SHA384\n\n - fixed KEK2 derivation for FILS+FT\n\n - extended client_cert file to allow loading of a chain of\n PEM encoded certificates\n\n - extended beacon reporting functionality\n\n - extended D-Bus interface with number of new properties\n\n - fixed a regression in FT-over-DS with mac80211-based\n drivers\n\n - OpenSSL: allow systemwide policies to be overridden\n\n - extended driver flags indication for separate 802.1X and\n PSK 4-way handshake offload capability\n\n - added support for random P2P Device/Interface Address\n use\n\n - extended PEAP to derive EMSK to enable use with ERP/FILS\n\n - extended WPS to allow SAE configuration to be added\n automatically for PSK (wps_cred_add_sae=1)\n\n - removed support for the old D-Bus interface\n (CONFIG_CTRL_IFACE_DBUS)\n\n - extended domain_match and domain_suffix_match to allow\n list of values\n\n - added a RSN workaround for 
misbehaving PMF APs that\n advertise IGTK/BIP KeyID using incorrect byte order\n\n - fixed PTK rekeying with FILS and FT\n\n - fixed WPA packet number reuse with replayed messages and\n key reinstallation [https://w1.fi/security/2017-1/]\n (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\n - fixed unauthenticated EAPOL-Key decryption in\n wpa_supplicant [https://w1.fi/security/2018-1/]\n (CVE-2018-14526)\n\n - added support for FILS (IEEE 802.11ai) shared key\n authentication\n\n - added support for OWE (Opportunistic Wireless\n Encryption, RFC 8110; and transition mode defined by\n WFA)\n\n - added support for DPP (Wi-Fi Device Provisioning\n Protocol)\n\n - added support for RSA 3k key case with Suite B 192-bit\n level\n\n - fixed Suite B PMKSA caching not to update PMKID during\n each 4-way handshake\n\n - fixed EAP-pwd pre-processing with PasswordHashHash\n\n - added EAP-pwd client support for salted passwords\n\n - fixed a regression in TDLS prohibited bit validation\n\n - started to use estimated throughput to avoid undesired\n signal strength based roaming decision\n\n - MACsec/MKA :\n\n - new macsec_linux driver interface support for the Linux\n kernel\n\nmacsec module\n\n - number of fixes and extensions\n\n - added support for external persistent storage of PMKSA\n cache (PMKSA_GET/PMKSA_ADD control interface commands;\n and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)\n\n - fixed mesh channel configuration pri/sec switch case\n\n - added support for beacon report\n\n - large number of other fixes, cleanup, and extensions\n\n - added support for randomizing local address for GAS\n queries (gas_rand_mac_addr parameter)\n\n - fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel\n\n - added option for using random WPS UUID (auto_uuid=1)\n\n - added SHA256-hash support for OCSP certificate matching\n\n - fixed EAP-AKA' to add AT_KDF into\n 
Synchronization-Failure\n\n - fixed a regression in RSN pre-authentication candidate\n selection\n\n - added option to configure allowed group management\n cipher suites (group_mgmt network profile parameter)\n\n - removed all PeerKey functionality\n\n - fixed nl80211 AP and mesh mode configuration regression\n with Linux 4.15 and newer\n\n - added ap_isolate configuration option for AP mode\n\n - added support for nl80211 to offload 4-way handshake\n into the driver\n\n - added support for using wolfSSL cryptographic library\n\n - SAE\n\n - added support for configuring SAE password separately of\n the WPA2\n\nPSK/passphrase\n\n - fixed PTK and EAPOL-Key integrity and key-wrap algorithm\n selection\n\nfor SAE; note: this is not backwards compatible, i.e., both the AP and\n\nstation side implementations will need to be update at the same time\nto\n\nmaintain interoperability\n\n - added support for Password Identifier\n\n - fixed FT-SAE PMKID matching\n\n - Hotspot 2.0\n\n - added support for fetching of Operator Icon Metadata\n ANQP-element\n\n - added support for Roaming Consortium Selection element\n\n - added support for Terms and Conditions\n\n - added support for OSEN connection in a shared RSN BSS\n\n - added support for fetching Venue URL information\n\n - added support for using OpenSSL 1.1.1\n\n - FT\n\n - disabled PMKSA caching with FT since it is not fully\n functional\n\n - added support for SHA384 based AKM\n\n - added support for BIP ciphers BIP-CMAC-256,\n BIP-GMAC-128,\n\nBIP-GMAC-256 in addition to previously supported BIP-CMAC-128\n\n - fixed additional IE inclusion in Reassociation Request\n frame when\n\nusing FT protocol\n\nChanged service-files for start after network (systemd-networkd).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1166933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2017-1/]\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2018-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-1/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-2/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-4/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-5/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://w1.fi/security/2019-6/]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4143/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8041/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13082/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13086/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13087/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11555/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13377/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16275/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9494/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9495/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9497/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9498/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9499/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203380-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbb2c120\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3380=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-3380=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3380=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in 
-t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3380=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3380=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3380=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9499\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wpa_supplicant-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"wpa_supplicant-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"wpa_supplicant-debuginfo-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"wpa_supplicant-debugsource-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"wpa_supplicant-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"wpa_supplicant-debuginfo-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"wpa_supplicant-debugsource-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"wpa_supplicant-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"wpa_supplicant-debuginfo-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"wpa_supplicant-debugsource-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"wpa_supplicant-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"wpa_supplicant-debuginfo-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"wpa_supplicant-debugsource-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"wpa_supplicant-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"wpa_supplicant-debuginfo-2.9-4.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"wpa_supplicant-debugsource-2.9-4.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wpa_supplicant\");\n}\n", 
"cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:35", "description": "The wpa_supplicant and hostapd packages are updated to fix forging attacks that may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. (CVE-2021-30004). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-06-13T21:32:39", "type": "mageia", "title": "Updated wpa_supplicant, hostapd packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30004"], "modified": "2021-06-13T21:32:39", "id": "MGASA-2021-0254", "href": "https://advisories.mageia.org/MGASA-2021-0254.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated wpa_supplicant and hostapd packages fix security vulnerability: A vulnerability was discovered in wpa_supplicant.
When Access Point (AP) mode and Protected Management Frames (PMF) (IEEE 802.11w) are enabled, wpa_supplicant does not perform enough validation on the source address of some received management frames. An attacker within the 802.11 communications range could use this flaw to inject an unauthenticated frame and perform a denial-of-service attack against another device which would be disconnected from the network (CVE-2019-16275). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-10T22:26:12", "type": "mageia", "title": "Updated wpa_supplicant packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2020-06-10T22:26:12", "id": "MGASA-2020-0244", "href": "https://advisories.mageia.org/MGASA-2020-0244.html", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified 
event-subscription URL, aka the CallStranger issue. (CVE-2020-12695). \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-07-31T23:25:42", "type": "mageia", "title": "Updated gssdp/gupnp packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-31T23:25:42", "id": "MGASA-2020-0304", "href": "https://advisories.mageia.org/MGASA-2020-0304.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-04-18T11:19:35", "description": "It was discovered that minidlna does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue (CVE-2020-12695). Minidlna before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove (CVE-2020-28926). 
\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-31T14:32:44", "type": "mageia", "title": "Updated minidlna packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-31T14:32:44", "id": "MGASA-2020-0483", "href": "https://advisories.mageia.org/MGASA-2020-0483.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "veracode": [{"lastseen": "2022-07-26T16:34:41", "description": "wpa_supplicant is vulnerable to forging attacks. 
It may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-27T17:42:07", "type": "veracode", "title": "Forging Attack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30004"], "modified": "2022-04-19T18:43:53", "id": "VERACODE:30182", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30182/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-27T10:56:59", "description": "wpa_supplicant is vulnerable to denial of service. The vulnerability exists as it allows an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection).
The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-10T23:27:20", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2022-04-19T18:45:44", "id": "VERACODE:25344", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-25344/summary", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-26T13:30:52", "description": "hostapd is vulnerable to authorization bypass. 
The vulnerability exists as the Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-08-06T21:39:39", "type": "veracode", "title": "Authorization Bypass", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2021-04-23T05:23:07", "id": "VERACODE:26264", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26264/summary", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "photon": [{"lastseen": "2021-11-03T17:55:52", "description": "An update of {'wpa_supplicant'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.3, 
"privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2021-04-24T00:00:00", "type": "photon", "title": "PHSA-2021-4.0-0014", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30004"], "modified": "2021-04-24T00:00:00", "id": "PHSA-2021-4.0-0014", "href": "https://github.com/vmware/photon/wiki/Security-Updates-4.0-14", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-12T18:57:18", "description": "Updates of ['wpa_supplicant'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-24T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0014", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW",
"confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30004"], "modified": "2021-04-24T00:00:00", "id": "PHSA-2021-0014", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-14", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-04T09:01:33", "description": "An update of {'wpa_supplicant', 'python3', 'python2'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-14T00:00:00", "type": "photon", "title": "PHSA-2019-3.0-0039", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275", "CVE-2019-17514"], "modified": "2019-11-14T00:00:00", "id": "PHSA-2019-3.0-0039", "href": "https://github.com/vmware/photon/wiki/Security-Updates-3.0-0039",
"cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-12T18:50:13", "description": "Updates of ['python3', 'python2', 'wpa_supplicant', 'linux-esx', 'linux', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-18T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0039", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275", "CVE-2019-17514", "CVE-2019-19523", "CVE-2019-19526", "CVE-2019-19528"], "modified": "2019-11-18T00:00:00", "id": "PHSA-2019-0039", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-39", "cvss": {"score": 5.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:20:41", "description": "In wpa_supplicant and hostapd 2.9, forging attacks may occur because\nAlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and\ntls/x509v3.c.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | this issue only affects the internal wpa ssl code. 
On Ubuntu, wpa is built with OpenSSL, so the affected files aren't used at all\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-02T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30004", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30004"], "modified": "2021-04-02T00:00:00", "id": "UB:CVE-2021-30004", "href": "https://ubuntu.com/security/CVE-2021-30004", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T13:37:06", "description": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect\nindication of disconnection in certain situations because source address\nvalidation is mishandled. This is a denial of service that should have been\nprevented by PMF (aka management frame protection). 
The attacker must send\na crafted 802.11 frame from a location that is within the 802.11\ncommunications range.\nAn attacker in radio range of the access point could inject a specially\nconstructed unauthenticated IEEE 802.11 frame to the access point to\ncause associated stations to be disconnected and require a reconnection\nto the network.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-13T00:00:00", "type": "ubuntucve", "title": "CVE-2019-16275", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2019-09-13T00:00:00", "id": "UB:CVE-2019-16275", "href": "https://ubuntu.com/security/CVE-2019-16275", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:28:37", "description": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does\nnot forbid the acceptance of a subscription request with a delivery URL on\na different network segment than the fully qualified event-subscription\nURL, aka the CallStranger issue.\n\n#### Bugs\n\n * <https://github.com/pupnp/pupnp/pull/181>\n * 
<https://github.com/pupnp/pupnp/pull/185>\n * <https://github.com/pupnp/pupnp/pull/188>\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-08T00:00:00", "type": "ubuntucve", "title": "CVE-2020-12695", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-06-08T00:00:00", "id": "UB:CVE-2020-12695", "href": "https://ubuntu.com/security/CVE-2020-12695", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T17:17:17", "description": "In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-02T05:15:00", 
"type": "cve", "title": "CVE-2021-30004", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30004"], "modified": "2021-04-07T12:47:00", "cpe": ["cpe:/a:w1.fi:hostapd:2.9", "cpe:/a:w1.fi:wpa_supplicant:2.9"], "id": "CVE-2021-30004", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30004", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:hostapd:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.9:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T21:13:45", "description": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). 
The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-12T20:15:00", "type": "cve", "title": "CVE-2019-16275", "cwe": ["CWE-346"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:w1.fi:hostapd:2.9", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:w1.fi:wpa_supplicant:2.9", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2019-16275", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16275", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:hostapd:2.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:w1.fi:wpa_supplicant:2.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"]}, {"lastseen": "2022-03-23T12:35:21", "description": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-08T17:15:00", "type": "cve", "title": "CVE-2020-12695", "cwe": ["CWE-276"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2021-04-23T00:15:00", "cpe": ["cpe:/h:hp:envy_4509_d3p94a:-", "cpe:/h:hp:deskjet_ink_advantage_5575_g0v48b:-", "cpe:/h:hp:hp_deskjet_ink_advantage_4535_f0v64b:-", "cpe:/h:hp:hp_envy_4516_k9h52a:-", "cpe:/h:hp:envy_5000_m2u94b:-", "cpe:/h:hp:envy_110_cq809a:-", "cpe:/h:epson:xp-8600:-", "cpe:/h:hp:hp_officejet_4655_f1j00a:-", 
"cpe:/h:hp:envy_5000_m2u91a:*", "cpe:/h:epson:m571t:-", "cpe:/h:hp:envy_photo_7155_z3m52a:-", "cpe:/h:hp:officejet_4652_f1j02a:-", "cpe:/h:hp:envy_photo_6200_k7g26b:-", "cpe:/h:hp:5030_z4a70a:-", "cpe:/h:hp:envy_4508_e6g72b:-", "cpe:/h:hp:officejet_4658_v6d30b:-", "cpe:/h:hp:envy_5535:-", "cpe:/h:hp:hp_envy_4520_e6g67a:-", "cpe:/h:hp:hp_officejet_4652_f1j05b:-", "cpe:/h:hp:hp_officejet_4654_f1j07b:-", "cpe:/h:hp:envy_5000_z4a54a:-", "cpe:/h:hp:envy_6020_5se16b:-", "cpe:/h:hp:envy_5646_f8b05a:-", "cpe:/h:epson:xp-320:-", "cpe:/h:hp:hp_officejet_4656_k9v81b:-", "cpe:/h:hp:deskjet_ink_advantage_3545_a9t81c:-", "cpe:/h:hp:hp_envy_4524_f0v71b:-", "cpe:/h:hp:envy_4500_d3p93a:-", "cpe:/h:hp:envy_7640:-"], "id": "CVE-2020-12695", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12695", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}, "cpe23": ["cpe:2.3:h:hp:envy_6020_5se16b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5540_g0v52a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_deskjet_ink_advantage_4676_f1h98a:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:m571t:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5000_z4a74a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_envy_4521_k9t10b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5643_b9s63a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4650_f1h96a:-:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7800_y0g42d:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5546_k7c90a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:deskjet_ink_advantage_3546_a9t82a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6222_y0k13d:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_7644_e4w46a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4508_e6g72b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5545_g0v50a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_4525_k9t09b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:officejet_4655_f1j00a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5547_j6u64a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5544_k7c89a:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5642_b9s64a:-:*:*:*:*:*:*:*", 
"cpe:2.3:h:hp:envy_4526_k9t05b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_7800_y0g52b:-:*:*:*:*:*:*:*", "cpe:2.3:h:epson:xp-620:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_photo_6234_k7s21b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_110_cq809c:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:hp_officejet_4650_f1h96b:-:*:*:*:*:*:*:*", "cpe:2.3:h:hp:envy_5530:-:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2022-07-07T17:32:32", "description": "A flaw was found in wpa_supplicant, in the way it handled digest algorithm parameters when validating a signature. This flaw could be exploited to perform potential forging attacks. The highest threat from this vulnerability is to data integrity.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-06T17:47:48", "type": "redhatcve", "title": "CVE-2021-30004", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30004"], "modified": "2022-07-07T15:22:22", "id": "RH:CVE-2021-30004", "href": "https://access.redhat.com/security/cve/cve-2021-30004", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-07T17:46:17", "description": "A vulnerability was discovered 
in wpa_supplicant. When Access Point (AP) mode and Protected Management Frames (PMF) (IEEE 802.11w) are enabled, wpa_supplicant does not perform enough validation on the source address of some received management frames. An attacker within the 802.11 communications range could use this flaw to inject an unauthenticated frame and perform a denial-of-service attack against another device which would be disconnected from the network.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-30T14:25:33", "type": "redhatcve", "title": "CVE-2019-16275", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2022-07-07T11:40:46", "id": "RH:CVE-2019-16275", "href": "https://access.redhat.com/security/cve/cve-2019-16275", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-07T17:39:29", "description": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the 
CallStranger issue.\n#### Mitigation\n\nTo mitigate this flaw, close off the UPnP UDP port (usually 1900) and UPnP service ports from the Internet using a firewall. It's important to note that UPnP service ports vary based on the device, so device documentation should be consulted. Do not expose UPnP servers to the Internet. Exploitation of this flaw relies on HTTP SUBSCRIBE and NOTIFY requests, which can be blocked using a network security appliance, as another mitigation option. \n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-10T14:56:13", "type": "redhatcve", "title": "CVE-2020-12695", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2022-07-07T12:35:10", "id": "RH:CVE-2020-12695", "href": "https://access.redhat.com/security/cve/cve-2020-12695", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "debiancve": [{"lastseen": "2022-07-04T06:03:05", "description": "In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.", "cvss3": {"exploitabilityScore": 3.9, 
"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-02T05:15:00", "type": "debiancve", "title": "CVE-2021-30004", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30004"], "modified": "2021-04-02T05:15:00", "id": "DEBIANCVE:CVE-2021-30004", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30004", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-04T06:03:05", "description": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). 
The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-12T20:15:00", "type": "debiancve", "title": "CVE-2019-16275", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2019-09-12T20:15:00", "id": "DEBIANCVE:CVE-2019-16275", "href": "https://security-tracker.debian.org/tracker/CVE-2019-16275", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-09T17:32:21", "description": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-08T17:15:00", "type": "debiancve", "title": "CVE-2020-12695", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-06-08T17:15:00", "id": "DEBIANCVE:CVE-2020-12695", "href": "https://security-tracker.debian.org/tracker/CVE-2020-12695", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "osv": [{"lastseen": "2022-08-05T05:18:46", "description": "\nhostapd (and wpa\\_supplicant when controlling AP mode) did not perform\nsufficient source address validation for some received Management frames\nand this could result in ending up sending a frame that caused\nassociated stations to incorrectly believe they were disconnected from\nthe network even if management frame protection (also known as PMF) was\nnegotiated for the association. 
This could be considered to be a denial\nof service vulnerability since PMF is supposed to protect from this\ntype of issues.\n\n\nFor Debian 8 Jessie, this problem has been fixed in version\n2.3-1+deb8u9.\n\n\nWe recommend that you upgrade your wpa packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-16T00:00:00", "type": "osv", "title": "wpa - security update", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2022-08-05T05:18:34", "id": "OSV:DLA-1922-1", "href": "https://osv.dev/vulnerability/DLA-1922-1", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-21T08:16:40", "description": "\nYunus \u00c7ad\u0131rc\u0131 found an issue in the SUBSCRIBE method of UPnP, a\nnetwork protocol for devices to automatically discover and communicate\nwith each other. 
Insufficient checks on this method allowed attackers\nto use vulnerable UPnP services for DoS attacks or possibly to bypass\nfirewalls.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.0.1-1+deb9u1.\n\n\nWe recommend that you upgrade your gupnp packages.\n\n\nFor the detailed security status of gupnp please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/gupnp>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-08-06T00:00:00", "type": "osv", "title": "gupnp - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2022-07-21T05:53:18", "id": "OSV:DLA-2315-1", "href": "https://osv.dev/vulnerability/DLA-2315-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-08-10T07:18:13", "description": "\nTwo vulnerabilities were found in the WPA protocol implementation found 
in\nwpa\\_supplicant (station) and hostapd (access point).\n\n\n* [CVE-2019-13377](https://security-tracker.debian.org/tracker/CVE-2019-13377)\nA timing-based side-channel attack against WPA3's Dragonfly handshake when\n using Brainpool curves could be used by an attacker to retrieve the\n password.\n* [CVE-2019-16275](https://security-tracker.debian.org/tracker/CVE-2019-16275)\nInsufficient source address validation for some received Management frames\n in hostapd could lead to a denial of service for stations associated to an\n access point. An attacker in radio range of the access point could inject a\n specially constructed unauthenticated IEEE 802.11 frame to the access point\n to cause associated stations to be disconnected and require a reconnection\n to the network.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u1.\n\n\nWe recommend that you upgrade your wpa packages.\n\n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/wpa](https://security-tracker.debian.org/tracker/wpa)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-29T00:00:00", "type": "osv", "title": "wpa - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", 
"baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13377", "CVE-2019-16275"], "modified": "2022-08-10T07:18:03", "id": "OSV:DSA-4538-1", "href": "https://osv.dev/vulnerability/DSA-4538-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-10T07:07:07", "description": "\nIt was discovered that missing input validation in minidlna, a\nlightweight DLNA/UPnP-AV server could result in the execution of\narbitrary code. In addition minidlna was susceptible to the\nCallStranger UPnP vulnerability.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.2.1+dfsg-2+deb10u1.\n\n\nWe recommend that you upgrade your minidlna packages.\n\n\nFor the detailed security status of minidlna please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/minidlna](https://security-tracker.debian.org/tracker/minidlna)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-07T00:00:00", "type": "osv", "title": "minidlna - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-08-10T07:07:04", "id": "OSV:DSA-4806-1", "href": "https://osv.dev/vulnerability/DSA-4806-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-08-05T05:19:01", "description": "\nIt was discovered that missing input validation in minidlna, a lightweight\nDLNA/UPnP-AV server could result in the execution of arbitrary code. In\naddition minidlna was susceptible to the CallStranger UPnP\nvulnerability.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.1.6+dfsg-1+deb9u1.\n\n\nWe recommend that you upgrade your minidlna packages.\n\n\nFor the detailed security status of minidlna please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/minidlna>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-10T00:00:00", "type": "osv", "title": "minidlna - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, 
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2022-08-05T05:18:59", "id": "OSV:DLA-2489-1", "href": "https://osv.dev/vulnerability/DLA-2489-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-08-10T07:19:53", "description": "\nSeveral vulnerabilities have been discovered in wpa\\_supplicant and\nhostapd.\n\n\n* [CVE-2020-12695](https://security-tracker.debian.org/tracker/CVE-2020-12695)\nIt was discovered that hostapd does not properly handle UPnP\n subscribe messages under certain conditions, allowing an attacker to\n cause a denial of service.\n* [CVE-2021-0326](https://security-tracker.debian.org/tracker/CVE-2021-0326)\nIt was discovered that wpa\\_supplicant does not properly process P2P\n (Wi-Fi Direct) group information from active group owners. An\n attacker within radio range of the device running P2P could take\n advantage of this flaw to cause a denial of service or potentially\n execute arbitrary code.\n* [CVE-2021-27803](https://security-tracker.debian.org/tracker/CVE-2021-27803)\nIt was discovered that wpa\\_supplicant does not properly process\n P2P (Wi-Fi Direct) provision discovery requests. 
An attacker\n within radio range of the device running P2P could take advantage\n of this flaw to cause a denial of service or potentially execute\n arbitrary code.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u3.\n\n\nWe recommend that you upgrade your wpa packages.\n\n\nFor the detailed security status of wpa please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/wpa>\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2021-04-22T00:00:00", "type": "osv", "title": "wpa - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326", "CVE-2021-27803"], "modified": "2022-08-10T07:19:51", "id": "OSV:DSA-4898-1", "href": "https://osv.dev/vulnerability/DSA-4898-1", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T08:16:40", "description": "\nThe following CVE(s) have been reported against src:wpa.\n\n\n* [CVE-2019-10064](https://security-tracker.debian.org/tracker/CVE-2019-10064)\nhostapd before 2.6, in 
EAP mode, makes calls to the rand()\n and random() standard library functions without any preceding\n srand() or srandom() call, which results in inappropriate\n use of deterministic values. This was fixed in conjunction\n with [CVE-2016-10743](https://security-tracker.debian.org/tracker/CVE-2016-10743).\n* [CVE-2020-12695](https://security-tracker.debian.org/tracker/CVE-2020-12695)\nThe Open Connectivity Foundation UPnP specification before\n 2020-04-17 does not forbid the acceptance of a subscription\n request with a delivery URL on a different network segment\n than the fully qualified event-subscription URL, aka the\n CallStranger issue.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:2.4-1+deb9u7.\n\n\nWe recommend that you upgrade your wpa packages.\n\n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/wpa>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-09T00:00:00", "type": "osv", "title": "wpa - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10743", "CVE-2019-10064", "CVE-2020-12695"], "modified": "2022-07-21T05:53:18", "id": "OSV:DLA-2318-1", "href": "https://osv.dev/vulnerability/DLA-2318-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "debian": [{"lastseen": "2021-10-22T12:44:20", "description": "Package : wpa\nVersion : 2.3-1+deb8u9\nCVE ID : CVE-2019-16275\nDebian Bug : 940080\n\nhostapd (and wpa_supplicant when controlling AP mode) did not perform\nsufficient source address validation for some received Management frames\nand this could result in ending up sending a frame that caused\nassociated stations to incorrectly believe they were disconnected from\nthe network even if management frame protection (also known as PMF) was\nnegotiated for the association. This could be considered to be a denial\nof service vulnerability since PMF is supposed to protect from this\ntype of issues.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n2.3-1+deb8u9.\n\nWe recommend that you upgrade your wpa packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-09-16T15:50:00", "type": "debian", "title": "[SECURITY] [DLA 1922-1] wpa security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", 
"exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2019-09-16T15:50:00", "id": "DEBIAN:DLA-1922-1:2D12E", "href": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-26T03:21:25", "description": "Package : wpa\nVersion : 2.3-1+deb8u9\nCVE ID : CVE-2019-16275\nDebian Bug : 940080\n\nhostapd (and wpa_supplicant when controlling AP mode) did not perform\nsufficient source address validation for some received Management frames\nand this could result in ending up sending a frame that caused\nassociated stations to incorrectly believe they were disconnected from\nthe network even if management frame protection (also known as PMF) was\nnegotiated for the association. 
This could be considered to be a denial\nof service vulnerability since PMF is supposed to protect from this\ntype of issues.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n2.3-1+deb8u9.\n\nWe recommend that you upgrade your wpa packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-09-16T15:50:00", "type": "debian", "title": "[SECURITY] [DLA 1922-1] wpa security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2019-09-16T15:50:00", "id": "DEBIAN:DLA-1922-1:6BFF9", "href": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-22T11:18:35", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2315-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo 
Monfort\nAugust 06, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : gupnp\nVersion : 1.0.1-1+deb9u1\nCVE ID : CVE-2020-12695\n\nYunus \u00c7ad\u0131rc\u0131 found an issue in the SUBSCRIBE method of UPnP, a\nnetwork protocol for devices to automatically discover and communicate\nwith each other. Insufficient checks on this method allowed attackers\nto use vulnerable UPnP services for DoS attacks or possibly to bypass\nfirewalls.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.0.1-1+deb9u1.\n\nWe recommend that you upgrade your gupnp packages.\n\nFor the detailed security status of gupnp please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/gupnp\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-08-06T17:27:49", "type": "debian", "title": "[SECURITY] [DLA 2315-1] gupnp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-06T17:27:49", "id": "DEBIAN:DLA-2315-1:5392C", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-01-01T03:00:57", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2315-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nAugust 06, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : gupnp\nVersion : 1.0.1-1+deb9u1\nCVE ID : CVE-2020-12695\n\nYunus \u00c7ad\u0131rc\u0131 found an issue in the SUBSCRIBE method of UPnP, a\nnetwork protocol for devices to automatically discover and communicate\nwith each other. Insufficient checks on this method allowed attackers\nto use vulnerable UPnP services for DoS attacks or possibly to bypass\nfirewalls.\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.0.1-1+deb9u1.\n\nWe recommend that you upgrade your gupnp packages.\n\nFor the detailed security status of gupnp please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/gupnp\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-08-06T17:27:49", "type": "debian", "title": "[SECURITY] [DLA 2315-1] gupnp 
security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-08-06T17:27:49", "id": "DEBIAN:DLA-2315-1:6010C", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-03-26T00:59:07", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4538-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nSeptember 29, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wpa\nCVE ID : CVE-2019-13377 CVE-2019-16275\nDebian Bug : 934180 940080\n\nTwo vulnerabilities were found in the WPA protocol implementation found in\nwpa_supplicant (station) and hostapd (access point).\n\nCVE-2019-13377\n\n A timing-based side-channel attack against WPA3's Dragonfly handshake when\n using Brainpool curves could be used by an attacker to retrieve the\n password.\n\nCVE-2019-16275\n\n Insufficient source address validation for some received Management frames\n in hostapd could lead to a denial of service for stations associated to an\n access point. 
An attacker in radio range of the access point could inject a\n specially constructed unauthenticated IEEE 802.11 frame to the access point\n to cause associated stations to be disconnected and require a reconnection\n to the network.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version $stretch_VERSION.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u1.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-29T13:59:27", "type": "debian", "title": "[SECURITY] [DSA 4538-1] wpa security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13377", 
"CVE-2019-16275"], "modified": "2019-09-29T13:59:27", "id": "DEBIAN:DSA-4538-1:D6CC7", "href": "https://lists.debian.org/debian-security-announce/2019/msg00186.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-16T11:28:31", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4806-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 07, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : minidlna\nCVE ID : CVE-2020-12695 CVE-2020-28926\nDebian Bug : 976594 976595\n\nIt was discovered that missing input validation in minidlna, a\nlightweight DLNA/UPnP-AV server could result in the execution of\narbitrary code. In addition minidlna was susceptible to the\n"CallStranger" UPnP vulnerability.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.2.1+dfsg-2+deb10u1.\n\nWe recommend that you upgrade your minidlna packages.\n\nFor the detailed security status of minidlna please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/minidlna\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-07T21:38:44", "type": "debian", "title": "[SECURITY] [DSA 4806-1] minidlna 
security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-07T21:38:44", "id": "DEBIAN:DSA-4806-1:B822C", "href": "https://lists.debian.org/debian-security-announce/2020/msg00213.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-03-26T18:57:57", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2489-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Thorsten Alteholz\nDecember 10, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : minidlna\nVersion : 1.1.6+dfsg-1+deb9u1\nCVE ID : CVE-2020-12695 CVE-2020-28926\n\n\nIt was discovered that missing input validation in minidlna, a lightweight \nDLNA/UPnP-AV server could result in the execution of arbitrary code. 
In \naddition minidlna was susceptible to the "CallStranger" UPnP \nvulnerability.\n\n\n\nFor Debian 9 stretch, these problems have been fixed in version \n1.1.6+dfsg-1+deb9u1.\n\n\nWe recommend that you upgrade your minidlna packages.\n\nFor the detailed security status of minidlna please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/minidlna\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-10T21:27:37", "type": "debian", "title": "[SECURITY] [DLA 2489-1] minidlna security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2020-12-10T21:27:37", "id": "DEBIAN:DLA-2489-1:3AE0D", "href": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-10-22T11:18:31", "description": "- 
-----------------------------------------------------------------------\nDebian LTS Advisory DLA-2318-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Utkarsh Gupta\nAugust 09, 2020 https://wiki.debian.org/LTS\n- -----------------------------------------------------------------------\n\nPackage : wpa\nVersion : 2:2.4-1+deb9u7\nCVE ID : CVE-2019-10064 CVE-2020-12695\n\nThe following CVE(s) have been reported against src:wpa.\n\nCVE-2019-10064\n\n hostapd before 2.6, in EAP mode, makes calls to the rand()\n and random() standard library functions without any preceding\n srand() or srandom() call, which results in inappropriate\n use of deterministic values. This was fixed in conjunction\n with CVE-2016-10743.\n\nCVE-2020-12695\n\n The Open Connectivity Foundation UPnP specification before\n 2020-04-17 does not forbid the acceptance of a subscription\n request with a delivery URL on a different network segment\n than the fully qualified event-subscription URL, aka the\n CallStranger issue.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:2.4-1+deb9u7.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-08-08T20:43:17", "type": "debian", "title": "[SECURITY] [DLA 2318-1] wpa security 
update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10743", "CVE-2019-10064", "CVE-2020-12695"], "modified": "2020-08-08T20:43:17", "id": "DEBIAN:DLA-2318-1:520EC", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-01-24T16:18:54", "description": "- -----------------------------------------------------------------------\nDebian LTS Advisory DLA-2318-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Utkarsh Gupta\nAugust 09, 2020 https://wiki.debian.org/LTS\n- -----------------------------------------------------------------------\n\nPackage : wpa\nVersion : 2:2.4-1+deb9u7\nCVE ID : CVE-2019-10064 CVE-2020-12695\n\nThe following CVE(s) have been reported against src:wpa.\n\nCVE-2019-10064\n\n hostapd before 2.6, in EAP mode, makes calls to the rand()\n and random() standard library functions without any preceding\n srand() or srandom() call, which results in inappropriate\n use of deterministic values. 
This was fixed in conjunction\n with CVE-2016-10743.\n\nCVE-2020-12695\n\n The Open Connectivity Foundation UPnP specification before\n 2020-04-17 does not forbid the acceptance of a subscription\n request with a delivery URL on a different network segment\n than the fully qualified event-subscription URL, aka the\n CallStranger issue.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:2.4-1+deb9u7.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-08-08T20:43:17", "type": "debian", "title": "[SECURITY] [DLA 2318-1] wpa security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10743", "CVE-2019-10064", "CVE-2020-12695"], "modified": "2020-08-08T20:43:17", "id": "DEBIAN:DLA-2318-1:45FB2", "href": 
"https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-02-16T23:32:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4898-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 22, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wpa\nCVE ID : CVE-2020-12695 CVE-2021-0326 CVE-2021-27803\nDebian Bug : 976106 981971\n\nSeveral vulnerabilities have been discovered in wpa_supplicant and\nhostapd.\n\nCVE-2020-12695\n\n It was discovered that hostapd does not properly handle UPnP\n subscribe messages under certain conditions, allowing an attacker to\n cause a denial of service.\n\nCVE-2021-0326\n\n It was discovered that wpa_supplicant does not properly process P2P\n (Wi-Fi Direct) group information from active group owners. An\n attacker within radio range of the device running P2P could take\n advantage of this flaw to cause a denial of service or potentially\n execute arbitrary code.\n\nCVE-2021-27803\n\n It was discovered that wpa_supplicant does not properly process\n P2P (Wi-Fi Direct) provision discovery requests. 
An attacker\n within radio range of the device running P2P could take advantage\n of this flaw to cause a denial of service or potentially execute\n arbitrary code.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u3.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-04-22T18:52:18", "type": "debian", "title": "[SECURITY] [DSA 4898-1] wpa security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326", "CVE-2021-27803"], "modified": "2021-04-22T18:52:18", "id": "DEBIAN:DSA-4898-1:A816A", "href": "https://lists.debian.org/debian-security-announce/2021/msg00079.html", 
"cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T18:16:08", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4898-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 22, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wpa\nCVE ID : CVE-2020-12695 CVE-2021-0326 CVE-2021-27803\nDebian Bug : 976106 981971\n\nSeveral vulnerabilities have been discovered in wpa_supplicant and\nhostapd.\n\nCVE-2020-12695\n\n It was discovered that hostapd does not properly handle UPnP\n subscribe messages under certain conditions, allowing an attacker to\n cause a denial of service.\n\nCVE-2021-0326\n\n It was discovered that wpa_supplicant does not properly process P2P\n (Wi-Fi Direct) group information from active group owners. An\n attacker within radio range of the device running P2P could take\n advantage of this flaw to cause a denial of service or potentially\n execute arbitrary code.\n\nCVE-2021-27803\n\n It was discovered that wpa_supplicant does not properly process\n P2P (Wi-Fi Direct) provision discovery requests. 
An attacker\n within radio range of the device running P2P could take advantage\n of this flaw to cause a denial of service or potentially execute\n arbitrary code.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u3.\n\nWe recommend that you upgrade your wpa packages.\n\nFor the detailed security status of wpa please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-04-22T18:52:18", "type": "debian", "title": "[SECURITY] [DSA 4898-1] wpa security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326", "CVE-2021-27803"], "modified": "2021-04-22T18:52:18", "id": "DEBIAN:DSA-4898-1:31848", "href": "https://lists.debian.org/debian-security-announce/2021/msg00079.html", 
"cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-09-20T14:39:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for wpa USN-4136-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2019-09-20T00:00:00", "id": "OPENVAS:1361412562310844180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844180", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844180\");\n script_version(\"2019-09-20T05:25:28+0000\");\n script_cve_id(\"CVE-2019-16275\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-20 05:25:28 +0000 (Fri, 20 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-19 02:03:04 +0000 (Thu, 19 Sep 2019)\");\n script_name(\"Ubuntu Update for wpa USN-4136-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4136-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005124.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa'\n package(s) announced via the USN-4136-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that wpa_supplicant incorrectly handled certain management\nframes. 
An attacker could possibly use this issue to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"'wpa' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"hostapd\", ver:\"2:2.6-15ubuntu2.5\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2:2.6-15ubuntu2.5\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"hostapd\", ver:\"2:2.6-21ubuntu3.3\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2:2.6-21ubuntu3.3\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"hostapd\", ver:\"1:2.4-0ubuntu6.6\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2.4-0ubuntu6.6\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T19:28:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": 
"2019-09-17T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for wpa (DLA-1922-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891922", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891922", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891922\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-16275\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-17 02:00:21 +0000 (Tue, 17 Sep 2019)\");\n script_name(\"Debian LTS: Security Advisory for wpa (DLA-1922-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1922-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/940080\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa'\n package(s) announced via the DLA-1922-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"hostapd (and wpa_supplicant when controlling AP mode) did not perform\nsufficient source address validation for some received Management frames\nand this could result in ending up sending a frame that caused\nassociated stations to incorrectly believe they were disconnected from\nthe network even if management frame protection (also known as PMF) was\nnegotiated for the association. 
This could be considered to be a denial\nof service vulnerability since PMF is supposed to protect from this\ntype of issues.\");\n\n script_tag(name:\"affected\", value:\"'wpa' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n2.3-1+deb8u9.\n\nWe recommend that you upgrade your wpa packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"hostapd\", ver:\"2.3-1+deb8u9\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wpagui\", ver:\"2.3-1+deb8u9\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2.3-1+deb8u9\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-14T14:48:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2019-740834c559", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877188", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877188", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the 
License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877188\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-16275\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:30:52 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for hostapd FEDORA-2019-740834c559\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-740834c559\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the FEDORA-2019-740834c559 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"hostapd is a user space daemon for access point and authentication servers. 
It\nimplements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP\nAuthenticators and RADIUS authentication server.\n\nhostapd is designed to be a 'daemon' program that runs in the back-ground and\nacts as the backend component controlling authentication. hostapd supports\nseparate frontend programs and an example text-based frontend, hostapd_cli, is\nincluded with hostapd.\");\n\n script_tag(name:\"affected\", value:\"'hostapd' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~2.9~2.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-14T14:48:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for wpa_supplicant FEDORA-2019-0e0b28001d", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877250", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877250", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public 
License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877250\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-16275\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:33:49 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for wpa_supplicant FEDORA-2019-0e0b28001d\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-0e0b28001d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa_supplicant'\n package(s) announced via the FEDORA-2019-0e0b28001d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support\nfor WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA\ncomponent that is used in the client stations. It implements key negotiation\nwith a WPA Authenticator and it controls the roaming and IEEE 802.11\nauthentication/association of the wlan driver.\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.9~2.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:36:08", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2019-2306)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16275"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192306", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192306", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# 
modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2306\");\n script_version(\"2020-01-23T12:46:26+0000\");\n script_cve_id(\"CVE-2019-16275\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:46:26 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:46:26 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2019-2306)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2306\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2306\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wpa_supplicant' package(s) announced via the EulerOS-SA-2019-2306 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a 
vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.(CVE-2019-16275)\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~17.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T19:45:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-04T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for gssdp (FEDORA-2020-1f7fc0d0c9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-09T00:00:00", "id": "OPENVAS:1361412562310878036", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878036", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective 
right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878036\");\n script_version(\"2020-07-09T12:15:58+0000\");\n script_cve_id(\"CVE-2020-12695\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-09 12:15:58 +0000 (Thu, 09 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-04 03:20:59 +0000 (Sat, 04 Jul 2020)\");\n script_name(\"Fedora: Security Advisory for gssdp (FEDORA-2020-1f7fc0d0c9)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-1f7fc0d0c9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O46D6A37VVYHB45232FFNDUHCX77TZBV\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gssdp'\n package(s) announced via the 
FEDORA-2020-1f7fc0d0c9 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GSSDP implements resource discovery and announcement over SSDP and is part\nof gUPnP. GUPnP is an object-oriented open source framework for creating\nUPnP devices and control points, written in C using GObject and libsoup. The\nGUPnP API is intended to be easy to use, efficient and flexible.\");\n\n script_tag(name:\"affected\", value:\"'gssdp' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gssdp\", rpm:\"gssdp~1.0.4~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-07-21T19:46:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-04T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for gupnp (FEDORA-2020-1f7fc0d0c9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-09T00:00:00", "id": "OPENVAS:1361412562310878034", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878034", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program 
is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878034\");\n script_version(\"2020-07-09T12:15:58+0000\");\n script_cve_id(\"CVE-2020-12695\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-09 12:15:58 +0000 (Thu, 09 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-04 03:20:57 +0000 (Sat, 04 Jul 2020)\");\n script_name(\"Fedora: Security Advisory for gupnp (FEDORA-2020-1f7fc0d0c9)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-1f7fc0d0c9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gupnp'\n package(s) announced via the FEDORA-2020-1f7fc0d0c9 advisory.\");\n\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GUPnP is an object-oriented open source framework for creating UPnP\ndevices and control points, written in C using GObject and libsoup.\nThe GUPnP API is intended to be easy to use, efficient and flexible.\");\n\n script_tag(name:\"affected\", value:\"'gupnp' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gupnp\", rpm:\"gupnp~1.0.5~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-07-21T19:46:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-03T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for hostapd (FEDORA-2020-df3e1cfde9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-10T00:00:00", "id": "OPENVAS:1361412562310878022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878022", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software 
Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878022\");\n script_version(\"2020-07-10T06:57:28+0000\");\n script_cve_id(\"CVE-2020-12695\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-10 06:57:28 +0000 (Fri, 10 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 03:20:28 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Fedora: Security Advisory for hostapd (FEDORA-2020-df3e1cfde9)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-df3e1cfde9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the FEDORA-2020-df3e1cfde9 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"hostapd is a user space daemon for 
access point and authentication servers. It\nimplements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP\nAuthenticators and RADIUS authentication server.\n\nhostapd is designed to be a 'daemon' program that runs in the back-ground and\nacts as the backend component controlling authentication. hostapd supports\nseparate frontend programs and an example text-based frontend, hostapd_cli, is\nincluded with hostapd.\");\n\n script_tag(name:\"affected\", value:\"'hostapd' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~2.9~4.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-10-01T14:45:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4538-1 (wpa - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13377", "CVE-2019-16275"], "modified": "2019-10-01T00:00:00", "id": "OPENVAS:1361412562310704538", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704538", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# 
modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704538\");\n script_version(\"2019-10-01T06:12:58+0000\");\n script_cve_id(\"CVE-2019-13377\", \"CVE-2019-16275\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-01 06:12:58 +0000 (Tue, 01 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-30 02:00:10 +0000 (Mon, 30 Sep 2019)\");\n script_name(\"Debian Security Advisory DSA 4538-1 (wpa - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4538.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4538-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa'\n package(s) announced via the DSA-4538-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"Two vulnerabilities were found in the WPA protocol implementation found in\nwpa_supplicant (station) and hostapd (access point).\n\nCVE-2019-13377\nA timing-based side-channel attack against WPA3's Dragonfly handshake when\nusing Brainpool curves could be used by an attacker to retrieve the\npassword.\n\nCVE-2019-16275\nInsufficient source address validation for some received Management frames\nin hostapd could lead to a denial of service for stations associated to an\naccess point. An attacker in radio range of the access point could inject a\nspecially constructed unauthenticated IEEE 802.11 frame to the access point\nto cause associated stations to be disconnected and require a reconnection\nto the network.\");\n\n script_tag(name:\"affected\", value:\"'wpa' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u1.\n\nWe recommend that you upgrade your wpa packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"hostapd\", ver:\"2:2.7+git20190128+0c1e29f-6+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wpagui\", ver:\"2:2.7+git20190128+0c1e29f-6+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wpasupplicant\", ver:\"2:2.7+git20190128+0c1e29f-6+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-20T15:30:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": 
"2019-11-17T00:00:00", "type": "openvas", "title": "Fedora Update for wpa_supplicant FEDORA-2019-2bdcccee3c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11555", "CVE-2019-16275"], "modified": "2019-11-19T00:00:00", "id": "OPENVAS:1361412562310877014", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877014", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877014\");\n script_version(\"2019-11-19T07:59:35+0000\");\n script_cve_id(\"CVE-2019-16275\", \"CVE-2019-11555\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-19 07:59:35 +0000 (Tue, 19 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-17 03:32:20 +0000 (Sun, 17 Nov 2019)\");\n script_name(\"Fedora Update for wpa_supplicant FEDORA-2019-2bdcccee3c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-2bdcccee3c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa_supplicant'\n package(s) announced via the FEDORA-2019-2bdcccee3c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support\nfor WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA\ncomponent that is used in the client stations. 
It implements key negotiation\nwith a WPA Authenticator and it controls the roaming and IEEE 802.11\nauthentication/association of the wlan driver.\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.8~3.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-20T15:35:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-11-17T00:00:00", "type": "openvas", "title": "Fedora Update for wpa_supplicant FEDORA-2019-65509aac53", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14526", "CVE-2019-16275"], "modified": "2019-11-19T00:00:00", "id": "OPENVAS:1361412562310877006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877006", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877006\");\n script_version(\"2019-11-19T07:59:35+0000\");\n script_cve_id(\"CVE-2019-16275\", \"CVE-2018-14526\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-19 07:59:35 +0000 (Tue, 19 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-17 03:31:01 +0000 (Sun, 17 Nov 2019)\");\n script_name(\"Fedora Update for wpa_supplicant FEDORA-2019-65509aac53\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-65509aac53\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wpa_supplicant'\n package(s) announced via the FEDORA-2019-65509aac53 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support\nfor WPA and WPA2 (IEEE 802.11i / RSN). 
Supplicant is the IEEE 802.1X/WPA\ncomponent that is used in the client stations. It implements key negotiation\nwith a WPA Authenticator and it controls the roaming and IEEE 802.11\nauthentication/association of the wlan driver.\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.7~2.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:36:55", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2020-1073)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9497", "CVE-2019-9499", "CVE-2019-11555", "CVE-2019-9498", "CVE-2019-16275"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201073", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the 
Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1073\");\n script_version(\"2020-01-23T13:19:30+0000\");\n script_cve_id(\"CVE-2019-11555\", \"CVE-2019-16275\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:19:30 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:19:30 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2020-1073)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1073\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1073\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wpa_supplicant' package(s) announced via the EulerOS-SA-2020-1073 advisory.\");\n\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.(CVE-2019-16275)\n\nThe EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.(CVE-2019-11555)\n\nThe implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.(CVE-2019-9499)\n\nThe implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. 
Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.(CVE-2019-9498)\n\nThe implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.(CVE-2019-9497)\");\n\n script_tag(name:\"affected\", value:\"'wpa_supplicant' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~2.6~17.h4.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-13T19:28:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-11-10T00:00:00", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2019-2265b5ae86", "bulletinFamily": "scanner", "cvss2": {}, 
"cvelist": ["CVE-2019-9497", "CVE-2019-9495", "CVE-2019-9499", "CVE-2019-9496", "CVE-2019-9494", "CVE-2019-9498", "CVE-2019-16275"], "modified": "2019-11-13T00:00:00", "id": "OPENVAS:1361412562310876981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876981", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876981\");\n script_version(\"2019-11-13T08:06:35+0000\");\n script_cve_id(\"CVE-2019-16275\", \"CVE-2019-9494\", \"CVE-2019-9495\", \"CVE-2019-9496\", \"CVE-2019-9497\", \"CVE-2019-9498\", \"CVE-2019-9499\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-13 08:06:35 +0000 (Wed, 13 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-10 03:24:39 +0000 (Sun, 10 Nov 2019)\");\n script_name(\"Fedora Update for hostapd FEDORA-2019-2265b5ae86\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-2265b5ae86\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the FEDORA-2019-2265b5ae86 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"hostapd is a user space daemon for access point and authentication servers. It\nimplements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP\nAuthenticators and RADIUS authentication server.\n\nhostapd is designed to be a 'daemon' program that runs in the back-ground and\nacts as the backend component controlling authentication. 
hostapd supports\nseparate frontend programs and an example text-based frontend, hostapd_cli, is\nincluded with hostapd.\");\n\n script_tag(name:\"affected\", value:\"'hostapd' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~2.9~2.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T11:37:18", "description": "It was discovered that wpa_supplicant incorrectly handled certain management \nframes. 
An attacker could possibly use this issue to cause a denial of service.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-09-18T00:00:00", "type": "ubuntu", "title": "wpa_supplicant and hostapd vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2019-09-18T00:00:00", "id": "USN-4136-1", "href": "https://ubuntu.com/security/notices/USN-4136-1", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-04T11:37:17", "description": "USN-4136-1 fixed a vulnerability in wpa_supplicant. This update provides \nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that wpa_supplicant incorrectly handled certain management \nframes. 
An attacker could possibly use this issue to cause a denial of service.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-09-18T00:00:00", "type": "ubuntu", "title": "wpa_supplicant and hostapd vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2019-09-18T00:00:00", "id": "USN-4136-2", "href": "https://ubuntu.com/security/notices/USN-4136-2", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-04T11:14:44", "description": "It was discovered that GUPnP incorrectly handled certain subscription \nrequests. 
A remote attacker could possibly use this issue to exfiltrate \ndata or use GUPnP to perform DDoS attacks.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-09-15T00:00:00", "type": "ubuntu", "title": "GUPnP vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-09-15T00:00:00", "id": "USN-4494-1", "href": "https://ubuntu.com/security/notices/USN-4494-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-01-04T10:59:45", "description": "It was discovered that ReadyMedia (MiniDLNA) allowed subscription requests with \na delivery URL on a different network segment than the fully qualified event- \nsubscription URL. An attacker could use this to hijack smart devices and cause \ndenial of service attacks. (CVE-2020-12695)\n\nIt was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. \nA remote attacker could send a malicious UPnP HTTP request to the service \nusing HTTP chunked encoding and cause a denial of service. 
\n(CVE-2020-28926)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-04T00:00:00", "type": "ubuntu", "title": "ReadyMedia (MiniDLNA) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2020-28926"], "modified": "2021-02-04T00:00:00", "id": "USN-4722-1", "href": "https://ubuntu.com/security/notices/USN-4722-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-01-04T10:58:45", "description": "It was discovered that wpa_supplicant did not properly handle P2P \n(Wi-Fi Direct) group information in some situations, leading to a \nheap overflow. A physically proximate attacker could use this to cause a \ndenial of service or possibly execute arbitrary code. (CVE-2021-0326)\n\nIt was discovered that hostapd did not properly handle UPnP subscribe \nmessages in some circumstances. An attacker could use this to cause a \ndenial of service. 
(CVE-2020-12695)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-02-11T00:00:00", "type": "ubuntu", "title": "wpa_supplicant and hostapd vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326"], "modified": "2021-02-11T00:00:00", "id": "USN-4734-1", "href": "https://ubuntu.com/security/notices/USN-4734-1", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T10:58:34", "description": "USN-4734-1 fixed several vulnerabilities in wpa_supplicant. This \nupdate provides the corresponding update for Ubuntu 14.04 ESM.\n\nIt was discovered that wpa_supplicant did not properly handle P2P \n(Wi-Fi Direct) group information in some situations, leading to a \nheap overflow. A physically proximate attacker could use this to cause a \ndenial of service or possibly execute arbitrary code. (CVE-2021-0326)\n\nIt was discovered that hostapd did not properly handle UPnP subscribe \nmessages in some circumstances. An attacker could use this to cause a \ndenial of service. 
(CVE-2020-12695)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-02-16T00:00:00", "type": "ubuntu", "title": "wpa_supplicant and hostapd vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-0326"], "modified": "2021-02-16T00:00:00", "id": "USN-4734-2", "href": "https://ubuntu.com/security/notices/USN-4734-2", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-07T01:19:40", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: wpa_supplicant-2.9-2.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2019-11-07T01:19:40", "id": "FEDORA:D89CC60C814A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the back-ground and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-09T21:22:00", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: hostapd-2.9-2.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275"], "modified": "2019-11-09T21:22:00", "id": "FEDORA:A44F063787BD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the back-ground and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. 
", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-03T01:19:38", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: hostapd-2.9-4.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-03T01:19:38", "id": "FEDORA:84CF8310A07C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:51", "description": "GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. 
", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-04T01:13:43", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: gupnp-1.0.5-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-04T01:13:43", "id": "FEDORA:220BE30995DA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:51", "description": "GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. 
", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-04T01:13:42", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: gssdp-1.0.4-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-04T01:13:42", "id": "FEDORA:A8437308DCC4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/O46D6A37VVYHB45232FFNDUHCX77TZBV/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:51", "description": "GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. 
", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-09T01:06:59", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: gssdp-1.0.4-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-09T01:06:59", "id": "FEDORA:9F8A130DA8F9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:51", "description": "GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. 
", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-09T01:07:00", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: gupnp-1.0.5-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-09T01:07:00", "id": "FEDORA:0B46530DA8F6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5XDOXB2LQTCWNCPR26CNOAQZJGDCU2LY/", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:51", "description": "wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-11-15T03:20:51", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: wpa_supplicant-2.7-2.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14526", "CVE-2019-16275"], "modified": "2019-11-15T03:20:51", "id": "FEDORA:CAFA2608E8E8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T18:41:38", "description": "wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-17T01:13:59", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: wpa_supplicant-2.8-3.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11555", "CVE-2019-16275"], "modified": "2019-11-17T01:13:59", "id": "FEDORA:3586B605A6C9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the back-ground a nd acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. 
", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-11-09T22:40:22", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: hostapd-2.9-2.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16275", "CVE-2019-9494", "CVE-2019-9495", "CVE-2019-9496", "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499"], "modified": "2019-11-09T22:40:22", "id": "FEDORA:4997B60525B0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "huawei": [{"lastseen": "2021-12-30T12:25:48", "description": "There is an vulnerability in UPnP protocol that does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, named CallStranger. The UPnP function of Huawei product is enabled only on the LAN side and is not enabled on the WAN side. 
(Vulnerability ID: HWPSIRT-2020-04132)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-12695.\n\nHuawei has released software updates to fix this vulnerability. This advisory is available at the following link:\n\n[http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-upnp-en](<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-upnp-en>)\n\n[](<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en>)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-07-01T00:00:00", "type": "huawei", "title": "Security Advisory - CallStranger Vulnerability in UPnP Protocol", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-09-02T00:00:00", "id": "HUAWEI-SA-20200701-01-UPNP", "href": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-01-upnp-en", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "attackerkb": [{"lastseen": "2021-07-20T20:15:01", "description": "The Open Connectivity Foundation UPnP specification before 
2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.\n\n \n**Recent assessments:** \n \n**kevthehermit** at June 09, 2020 7:51am UTC reported:\n\nThis one has a name and a website. \u2013 <https://callstranger.com/>\n\nThere is also a github repository that has PoC code, this code will scan your local IP range to determine if you have vulnerable devices. Be aware this POC will send data about your network out to a 3rd party. It claims to encrypt this data, but I have not reviewed the implementation. \nIt may not have a list of internal UPNP Devices, but it will have a record of your IP, how much data was sent.\n\n<https://github.com/yunuscadirci/CallStranger>\n\n#### Root Cause\n\nA Callback header that can be controlled by the attacker in the `UPnP SUBSCRIBE` functionality can lead to SSRF-Like behaviour\n\n#### Threat\n\n### DDOS:\n\nThis seems to be the obvious one that will get picked up by most botnet operators at some point.\n\n### DLP\n\nDon\u2019t expect this to be a likely threat, there are easier ways to bypass outgoing DLP restrictions than this.\n\n### SSRF Like\n\nNeeds more review but `Scanning internal ports from Internet-facing UPnP devices` could be useful, depending on what data is returned.\n\n**busterb** at June 09, 2020 11:22pm UTC reported:\n\nThis one has a name and a website. \u2013 <https://callstranger.com/>\n\nThere is also a github repository that has PoC code, this code will scan your local IP range to determine if you have vulnerable devices. Be aware this POC will send data about your network out to a 3rd party. It claims to encrypt this data, but I have not reviewed the implementation. 
\nIt may not have a list of internal UPNP Devices, but it will have a record of your IP, how much data was sent.\n\n<https://github.com/yunuscadirci/CallStranger>\n\n#### Root Cause\n\nA Callback header that can be controlled by the attacker in the `UPnP SUBSCRIBE` functionality can lead to SSRF-Like behaviour\n\n#### Threat\n\n### DDOS:\n\nThis seems to be the obvious one that will get picked up by most botnet operators at some point.\n\n### DLP\n\nDon\u2019t expect this to be a likely threat, there are easier ways to bypass outgoing DLP restrictions than this.\n\n### SSRF Like\n\nNeeds more review but `Scanning internal ports from Internet-facing UPnP devices` could be useful, depending on what data is returned.\n\nAssessed Attacker Value: 2 \nAssessed Attacker Value: 2Assessed Attacker Value: 3\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-06-08T00:00:00", "type": "attackerkb", "title": "CVE-2020-12695 \"CallStranger\"", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-20T00:00:00", "id": "AKB:DB7D4D6F-62DF-4B24-B7A1-C8B584415E20", "href": 
"https://attackerkb.com/topics/nRYDYOMY2t/cve-2020-12695-callstranger", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "cisa": [{"lastseen": "2021-02-24T18:07:17", "description": "The CERT Coordination Center (CERT/CC) has released information on a vulnerability\u2014CVE-2020-12695\u2014affecting versions of the Universal Plug and Play (UPnP) protocol released before April 17, 2020. UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could exploit this vulnerability to cause a distributed denial-of-service condition.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) encourages vendors and internet service providers (ISPs) to review CERT/CC\u2019s Vulnerability Note [VU#339275](< https://www.kb.cert.org/vuls/id/339275>) and implement the [updated specifications](<https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf>) provided by the Open Connectivity Framework.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/06/09/certcc-reports-vulnerability-universal-plug-and-play-protocol>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-06-09T00:00:00", "type": "cisa", "title": "CERT/CC Reports Vulnerability in Universal Plug and Play Protocol", "bulletinFamily": 
"info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-06-09T00:00:00", "id": "CISA:74EFEC5277573BE85C62E67E38E79292", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/06/09/certcc-reports-vulnerability-universal-plug-and-play-protocol", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:57", "description": "Arch Linux Security Advisory ASA-202012-16\n==========================================\n\nSeverity: Medium\nDate : 2020-12-09\nCVE-ID : CVE-2020-12695\nPackage : hostapd\nType : proxy injection\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1322\n\nSummary\n=======\n\nThe package hostapd before version 2.9-4 is vulnerable to proxy\ninjection.\n\nResolution\n==========\n\nUpgrade to 2.9-4.\n\n# pacman -Syu \"hostapd>=2.9-4\"\n\nThe problem has been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nThe Open Connectivity Foundation UPnP specification before 2020-04-17\ndoes not forbid the acceptance of a subscription request with a\ndelivery URL on a different network segment than the fully qualified\nevent-subscription URL, aka the CallStranger issue. 
This issue could\nallow a device connected to the local network (i.e., a device that has\nbeen authorized to transmit packets in the network in which the AP is\nlocated) to trigger the AP to initiate a HTTP (TCP/IP) connection to an\narbitrary URL, including connections to servers in external networks.\n\nImpact\n======\n\nAn attacker on the local network might be able to force the AP to\ninitiate a HTTP (TCP/IP) connection to an arbitrary URL, including\nconnections to servers in external networks.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/68861\nhttps://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt\nhttp://www.callstranger.com/\nhttps://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch\nhttps://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch\nhttps://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch\nhttps://security.archlinux.org/CVE-2020-12695", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-12-09T00:00:00", "type": "archlinux", "title": "[ASA-202012-16] hostapd: proxy injection", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": 
false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-12-09T00:00:00", "id": "ASA-202012-16", "href": "https://security.archlinux.org/ASA-202012-16", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:38:07", "description": "GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.\n\nGSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. \n\nThe following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)\n\nSecurity Fix(es):\n\n* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-05-18T06:05:22", "type": "redhat", "title": "(RHSA-2021:1789) Moderate: gssdp and gupnp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2021-05-18T11:34:14", "id": "RHSA-2021:1789", "href": "https://access.redhat.com/errata/RHSA-2021:1789", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:05", "description": "gssdp\n[1.0.5-1]\n+ gssdp-1.0.5-1\n- Update to 1.0.5\n- Fix SUBSCRIBE misbehaviour\n- Resolves: #1861928\ngupnp\n[1.0.6-1]\n+ gupnp-1.0.6-1\n- Update to 1.0.6\n- Fix SUBSCRIBE misbehaviour\n- Resolves: #1846589", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2021-05-25T00:00:00", "type": "oraclelinux", "title": "gssdp and gupnp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2021-05-25T00:00:00", "id": "ELSA-2021-1789", "href": "http://linux.oracle.com/errata/ELSA-2021-1789.html", "cvss": {"score": 7.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "cert": [{"lastseen": "2021-09-28T17:52:00", "description": "### Overview\n\nThe Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality.\n\n### Description\n\nThe UPnP protocol, as specified by the Open Connectivity Foundation (OCF), is designed to provide automatic discovery and interaction with devices on a network. The UPnP protocol is designed to be used in a trusted local area network (LAN) and the protocol does not implement any form of authentication or verification.\n\nMany common Internet-connected devices support UPnP, as noted in previous research from Daniel Garcia ([VU#357851](<https://www.kb.cert.org/vuls/id/357851>)) and [Rapid7](<https://blog.rapid7.com/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play/>). Garcia presented at [DEFCON 2019](<https://www.defcon.org/images/defcon-19/dc-19-presentations/Garcia/DEFCON-19-Garcia-UPnP-Mapping.pdf>) and published a scanning and portmapping tool. The UPnP [Device Protection](<https://upnp.org/specs/gw/UPnP-gw-DeviceProtection-v1-Service.pdf>) service was not widely adopted.\n\nA vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service (DDoS), data exfiltration, and other unexpected network behavior. The OCF has [updated the UPnP specification](<https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf>) to address this issue. 
This vulnerability has been assigned CVE-2020-12695 and is also known as [Call Stranger](<https://callstranger.com>).\n\nAlthough offering UPnP services on the Internet is generally considered to be a [misconfiguration](<https://www.kb.cert.org/vuls/id/357851/>), a number of devices are still available over the Internet according to a [recent Shodan scan](<https://www.shodan.io/search?query=upnp>).\n\n### Impact\n\nA remote, unauthenticated attacker may be able to abuse the UPnP SUBSCRIBE capability to send traffic to arbitrary destinations, leading to amplified DDoS attacks and data exfiltration. In general, making UPnP available over the Internet can pose security vulnerabilities beyond the one described in this vulnerability note.\n\n### Solution\n\n#### Affected devices\n\nA number of devices have been identified as vulnerable by the security researcher and have been posted at the [CallStranger](<https://callstranger.com>) website. There is more information on affected devices in Tenable's blog on [cve-2020-12695](<https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of>).\n\n#### Apply updates\n\nVendors are urged to implement the updated [specification](<https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf>) provided by the OCF. Users should monitor vendor support channels for updates that implement the new SUBSCRIBE specification.\n\n#### Disable or Restrict UPnP\n\nDisable the UPnP protocol on Internet-accessible interfaces. Device manufacturers are urged to disable the UPnP SUBSCRIBE capability in their default configuration and to require users to explicitly enable SUBSCRIBE with any appropriate network restrictions to limit its usage to a trusted local area network.\n\n#### IDS Signature\n\nThis Suricata IDS rule looks for any HTTP SUBSCRIBE request to what is likely to be an external network (i.e., not RFC1918 and RFC4193 addresses). 
Network administrators and ISPs can deploy this signature at the Internet access point to detect any anomalous SUBSCRIBE requests reaching their users.\n\n`alert http any any -> ![fd00::/8,192.168.0.0/16,10.0.0.0/8,172.16.0.0/12] any (msg:\"UPnP SUBSCRIBE request seen to external network VU#339275: CVE- 2020-12695 https://kb.cert.org \"; content: \"subscribe\"; nocase; http_method; sid:1367339275;)`\n\n### Acknowledgements\n\nThis vulnerability was reported by Yunus \u00c7adirci from EY Turkey.\n\nThis document was written by Vijay Sarvepalli.\n\n### Vendor Information\n\n339275\n\n### Open Connectivity Foundation Affected\n\nUpdated: 2020-06-29 **CVE-2020-12695**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf>\n\n#### CERT Addendum\n\nOpen Connectivity Foundation has updated their specification and published in the bulletin, see references.\n\n### Synology Affected\n\nNotified: 2020-06-17 Updated: 2020-06-29\n\n**Statement Date: June 22, 2020**\n\n**CVE-2020-12695**| Affected \n---|--- \n \n#### Vendor Statement\n\nPlease refer to Synology-SA-20:13\n\n#### References\n\n * <https://www.synology.com/security/advisory/Synology_SA_20_13>\n\n### Zyxel Affected\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Affected \n---|--- \n \n#### Vendor Statement\n\nZyxel security team confirms that Zyxel\u2019s VMG8324-B10A has the default firewall rule to block UPnP traffic from WAN since its first firmware V1.00(AAKL.0)C0 released in May 2013. 
However, if users intentionally disable the firewall feature, it could be vulnerable.\n\n#### References\n\n * <https://www.zyxel.com/us/en/support/security_advisories.shtml>\n\n#### CERT Addendum\n\nUsers are urged not to disable the firewall, to reduce the impact of this vulnerability from the WAN interface. Check Zyxel advisories for regular updates.\n\n### hostapd Affected\n\nUpdated: 2020-06-29 **CVE-2020-12695**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://w1.fi/security/2020-1/>\n * <https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt>\n\n#### CERT Addendum\n\nHostAP has released a statement and patches, see the References section for details.\n\n### Commscope Not Affected\n\nUpdated: 2020-07-02 **CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNone of the Ruckus products are vulnerable to CVE-2020-12695\n\n#### CERT Addendum\n\nCommscope acquired Arris and Ruckus Wireless. 
Announcements may be duplicated in the brand named vendor sections.\n\n### Cradlepoint Not Affected\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nIn NCOS, UPnP Gateway is disabled and the zone-based firewall is configured with an explicit deny for unsolicited inbound traffic by default\n\n#### References\n\n * <https://cradlepoint.com/vulnerability-alerts/>\n\n### LANCOM Systems GmbH Not Affected\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nLANCOM Systems products are not vulnerable to these vulnerabilities.\n\n### Peplink Not Affected\n\nNotified: 2020-07-06 Updated: 2020-06-29\n\n**Statement Date: July 07, 2020**\n\n**CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless Not Affected\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nNone of the Ruckus products are vulnerable to CVE-2020-12695\n\n#### References\n\n * <https://support.ruckuswireless.com/security>\n\n#### CERT Addendum\n\nPlease note that Commscope acquired Ruckus Wireless in 2019. 
You may see future advisories under Commscope.\n\n### Sierra Wireless Not Affected\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Not Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### A10 Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADATA Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADTRAN Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ANTlabs Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. 
Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&T Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Actelis Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Actiontec Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Aerohive Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AhnLab Inc Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AirWatch Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Akamai Technologies Inc. 
Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Allied Telesis Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Amazon Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Android Open Source Project Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Apple Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arista Networks Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Aruba Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Aspera Inc. 
Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Barracuda Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belden Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BlackBerry Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Blue Coat Systems Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BlueCat Networks Inc. 
Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Blunk Microsystems Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BoringSSL Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Broadcom Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CA Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CMX Systems Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CZ.NIC Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cambium Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ceragon Networks Inc Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Check Point Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cirpack Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n 
\n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Contiki OS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CoreOS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cricket Wireless Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cypress Semiconductor Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### D-Link Systems Inc. 
Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Debian GNU/Linux Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell EMC Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell SecureWorks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### DesktopBSD Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Deutsche Telekom Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Devicescape Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Digi International Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### DragonFly BSD Project Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ENEA Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n 
\n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### EfficientIP Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ericsson Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Espressif Systems Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### European Registry for Internet Domains Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Express Logic Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Fastly Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Fedora Project Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Force10 Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement 
from the vendor.\n\n### Fortinet Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Foundry Brocade Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### FreeBSD Project Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GFI Software Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GNU adns Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GNU glibc Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Geexbox Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Gentoo Linux Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Google Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Grandstream Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Green Hills Software Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| 
Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HCC Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HP Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HTC Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hewlett Packard Enterprise Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Honeywell Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### INTEROP Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IP Infusion Inc. 
Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Illumos Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### InfoExpress Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Infoblox Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Inmarsat Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Internet Systems Consortium - DHCP Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### JH Software Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Joyent Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LG Electronics Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n 
\n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LITE-ON Technology Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lancope Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lantronix Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lenovo Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LiteSpeed Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lynx Software Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Marvell Semiconductor Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### McAfee Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MediaTek Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Medtronic Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the 
vendor.\n\n### Men & Mice Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Micro Focus Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Microchip Technology Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Microsoft Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MikroTik Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Miredo Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Muonics Inc. 
Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NEC Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NETSCOUT Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NIKSUN Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NLnet Labs Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Netgear Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nominum Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OleumTech Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenBSD Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenSSL Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not 
received a statement from the vendor.\n\n### OpenWRT Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Oracle Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Oryx Embedded Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### PHPIDS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Paessler Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Palo Alto Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Philips Electronics Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Proxim Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Pulse Secure Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### QLogic Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### QNX Software Systems Inc. 
Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### QUALCOMM Incorporated Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quadros Systems Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Red Hat Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Riverbed Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Rocket RTOS (Inactive) Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Roku Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SEIKO EPSON Corp. / Epson America Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. 
Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SUSE Linux Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SafeNet Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Samsung Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Samsung Mobile Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Secure64 Software Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Slackware Linux Inc. 
Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Snort Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SonicWall Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sonos Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sony Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sophos Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sourcefire Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Symantec Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor Unknown\n\nNotified: 2020-06-29 Updated: 2020-07-02 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a 
statement from the vendor.\n\n### Tenable Network Security Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TippingPoint Technologies Inc. Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Treck Unknown\n\nNotified: 2020-05-05 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Turbolinux Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Networks Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubuntu Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Unisys Corporation Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Untangle Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### VMware Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vertical Networks Inc. 
Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Wind River Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### WizNET Technology Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### XigmaNAS Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Xilinx Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zebra Technologies Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zephyr Project Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dd-wrt Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dnsmasq Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eCosCentric Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### eero Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor 
Statement\n\nWe have not received a statement from the vendor.\n\n### lwIP Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### m0n0wall Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### netsnmp Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2020-04-16 Updated: 2020-06-29 **CVE-2020-12695**| Unknown \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### References\n\n * <https://callstranger.com>\n * <https://openconnectivity.org/developer/specifications/upnp-resources/upnp/>\n * <https://kb.cert.org/vuls/search/?q=upnp>\n * <https://github.com/yunuscadirci/CallStranger>\n * <https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2020-12695](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-12695>) \n---|--- \n**Date Public:** | 2020-06-08 \n**Date First Published:** | 2020-06-08 \n**Date Last Updated:** | 2020-07-08 21:44 UTC \n**Document Revision:** | 14 \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-06-08T00:00:00", "type": "cert", "title": "Universal Plug and Play
(UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2020-07-08T21:44:00", "id": "VU:339275", "href": "https://www.kb.cert.org/vuls/id/339275", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "almalinux": [{"lastseen": "2022-07-25T19:09:37", "description": "GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.\n\nGSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. \n\nThe following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). 
(BZ#1846589, BZ#1861928)\n\nSecurity Fix(es):\n\n* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2021-05-18T06:05:22", "type": "almalinux", "title": "Moderate: gssdp and gupnp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2021-11-12T10:20:56", "id": "ALSA-2021:1789", "href": "https://errata.almalinux.org/8/ALSA-2021-1789.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}}], "githubexploit": [{"lastseen": "2022-03-23T17:46:09", "description": "# Zeek Plugin that detects CallStranger (CVE-2020-12695) attempt...", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", 
"scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-10T14:18:34", "type": "githubexploit", "title": "Exploit for Incorrect Default Permissions in Ui Unifi Controller", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2022-02-22T00:45:31", "id": "4C38E174-1CE3-5FBF-A67F-3C932DD0F7EA", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}, "privateArea": 1}, {"lastseen": "2022-07-22T15:12:51", "description": "## CallStranger\n\n\nThis script created by Yunus \u00c7ad\u0131rc\u0131 (https://...", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2020-06-08T07:37:49", "type": "githubexploit", "title": "Exploit for Incorrect Default Permissions in Ui Unifi Controller", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695"], "modified": "2022-07-22T14:49:04", "id": "BE8163ED-A55D-547F-A284-5B1D252ABFC9", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:C"}, "privateArea": 1}], "malwarebytes": [{"lastseen": "2021-08-21T10:09:07", "description": "In a [security advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5>), Cisco has informed users that a vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.\n\nNormally we'd say "patch now", but you can't, and you'll never be able to because a patch isn't coming.\n\n### CVE-2021-34730\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). This vulnerability is listed under [CVE-2021-34730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34730>). As a result of improper validation of incoming UPnP traffic an attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. \n\nA successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system, or cause the device to reload, resulting in a DoS condition. 
"Executing arbitrary code as the root user" is tantamount to "do whatever they like", which is bad. A CVSS score of 9.8 out of 10 bad. (CVSS can help security teams and developers prioritize threats and allocate resources effectively.)\n\n### UPnP\n\nUniversal Plug and Play (UPnP) is a set of networking protocols that permit networked devices, like routers, to seamlessly discover each other's presence on a network and establish functional network services.\n\nFrom that description alone it should be clear that, from a security point of view, this protocol has no place on an Internet-facing device. Once you have set up your connections to the internal devices there is no reason to leave UPnP enabled. There are plenty of reasons to disable it.\n\nA lot of the problems associated with UPnP-based threats can be linked back to security issues during implementation. Router manufacturers [historically](<https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp>) have not been very good at securing their UPnP implementations, which often leads to the router not checking input properly. Which is exactly what happened here. Again.\n\nAnd then there are vulnerabilities in UPnP itself. The most famous one probably is [CallStranger](<https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/>), which was caused by the Callback header value in UPnP\u2019s SUBSCRIBE function that can be controlled by an attacker and enables a vulnerability which affected millions of Internet-facing devices.\n\nThat particular vulnerability should have been patched by most vendors by now by the way. But CVE-2021-34730 won't be, here's why\u2026\n\n### No patch\n\nThe affected routers have entered the [end-of-life process](<https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/eos-eol-notice-c51-742771.pdf>) and so Cisco has not released software updates to fix the problem. 
According to the security advisory, it seems they have no plans to do so either:\n\n\u201cCisco has not released and will not release software updates to address the vulnerability described in this advisory.\u201d Cisco also says it is not aware of any malicious use of the vulnerability.\n\nSince there are no workarounds that address this vulnerability, the only choice that administrators have is to disable the affected feature (UPnP). Or buy a new router. Since the routers won't receive any updates for issues in future either, we suggest you do both: Disable UPnP now, and buy a new router soon.\n\n### Mitigation\n\nFor owners of the affected routers it is particularly important to check that UPnP is disabled both on the WAN and the LAN interface. The WAN interface is set to off by default but that doesn't mean it hasn't been changed since. The LAN interface is set to on by default and needs to be turned off. Cisco advises that to disable UPnP on the LAN interface of a device, you do the following:\n\n * Open the web-based management interface and choose Basic Settings > UPnP.\n * Check the Disable check box.\n\nIt is important to disable UPnP on both interfaces because that is the only way to eliminate the vulnerability.\n\nStay safe, everyone!\n\nThe post [Cisco Small Business routers vulnerable to remote attacks, won't get a patch](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/cisco-small-business-routers-vulnerable-to-remote-attacks-wont-get-a-patch/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, 
"published": "2021-08-19T20:29:09", "type": "malwarebytes", "title": "Cisco Small Business routers vulnerable to remote attacks, won\u2019t get a patch", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12695", "CVE-2021-34730"], "modified": "2021-08-19T20:29:09", "id": "MALWAREBYTES:1F038DB7EFBB36EF80C56CAFA6D41B90", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/cisco-small-business-routers-vulnerable-to-remote-attacks-wont-get-a-patch/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:38:05", "description": "Networking equipment company Netgear has [released](<https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168>) yet [another round](<https://thehackernews.com/2021/09/high-severity-rce-flaw-disclosed-in.html>) of [patches](<https://thehackernews.com/2021/06/microsoft-discloses-critical-bugs.html>) to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system.\n\nTracked as [CVE-2021-34991](<https://nvd.nist.gov/vuln/detail/CVE-2021-34991>) (CVSS score: 8.8), the 
pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead to code execution with the highest privileges by taking advantage of an issue residing in the Universal Plug and Play ([UPnP](<https://en.wikipedia.org/wiki/Universal_Plug_and_Play>)) feature that allows devices to discover each other's presence on the same local network and open ports needed to connect to the public Internet.\n\nBecause of its ubiquitous nature, UPnP is used by a wide variety of devices, including personal computers, networking equipment, video game consoles and internet of things (IoT) devices.\n\nSpecifically, the vulnerability stems from the fact that the UPnP daemon accepts unauthenticated HTTP SUBSCRIBE and UNSUBSCRIBE requests \u2014 which are event notification alerts that devices use to receive notifications from other devices when certain configuration changes, such as media sharing, happen.\n\nBut according to GRIMM security researcher Adam Nichols, there exists a memory stack overflow bug in the code that handles the UNSUBSCRIBE requests, which enables an adversary to send a specially crafted HTTP request and run malicious code on the affected device, including resetting the administrator password and delivering arbitrary payloads. Once the password has been reset, the attacker can then log in to the webserver and modify any settings or launch further attacks on the webserver.\n\n[![](https://thehackernews.com/new-image