CVE-2024-5290

2024-08-0709:16:05

CWE-427

[email protected]

web.nvd.nist.gov

ubuntu

wpa_supplicant

vulnerability

local attacker

privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).

Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

Affected configurations

Nvd

Node

w1.fiwpa_supplicantMatch-

AND

canonicalubuntu_linuxMatch-

VendorProductVersionCPE
w1.fiwpa_supplicant-cpe:2.3:a:w1.fi:wpa_supplicant:-:*:*:*:*:*:*:*
canonicalubuntu_linux-cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*