Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6945-1
HistoryAug 06, 2024 - 12:00 a.m.

wpa_supplicant and hostapd vulnerability

2024-08-0600:00:00
ubuntu.com
34
wpa_supplicant vulnerability
hostapd vulnerability
privilege escalation
ubuntu 24.04 lts
ubuntu 22.04 lts
ubuntu 20.04 lts
ubuntu 18.04 esm
ubuntu 16.04 esm
ubuntu 14.04 esm
wpa
shared object loading

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0

Percentile

5.1%

JSON

Releases

  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • wpa - client support for WPA and WPA2

Details

Rory McNamara discovered that wpa_supplicant could be made to load
arbitrary shared objects by unprivileged users that have access to
the control interface. An attacker could use this to escalate privileges
to root.

OSVersionArchitecturePackageVersionFilename
Ubuntu24.04noarchwpasupplicant< 2:2.10-21ubuntu0.1UNKNOWN
Ubuntu24.04noarcheapoltest< 2:2.10-21ubuntu0.1UNKNOWN
Ubuntu24.04noarcheapoltest-dbgsym< 2:2.10-21ubuntu0.1UNKNOWN
Ubuntu24.04noarchhostapd< 2:2.10-21ubuntu0.1UNKNOWN
Ubuntu24.04noarchhostapd-dbgsym< 2:2.10-21ubuntu0.1UNKNOWN
Ubuntu24.04noarchlibwpa-client-dev< 2:2.10-21ubuntu0.1UNKNOWN
Ubuntu24.04noarchwpagui< 2:2.10-21ubuntu0.1UNKNOWN
Ubuntu24.04noarchwpagui-dbgsym< 2:2.10-21ubuntu0.1UNKNOWN
Ubuntu24.04noarchwpasupplicant-dbgsym< 2:2.10-21ubuntu0.1UNKNOWN
Ubuntu22.04noarchwpasupplicant< 2:2.10-6ubuntu2.1UNKNOWN
Rows per page:
1-10 of 481

Related

osv 3
ubuntucve 1
openvas 2
cve 1
nessus 2
debiancve 1
redhatcve 1
cvelist 1
vulnrichment 1
nvd 1
osv
osv
CVE-2024-5290
2024-08-07 09:16:05
wpa - security update
2024-08-06 00:00:00
wpa vulnerability
2024-08-06 16:18:20
ubuntucve
ubuntucve
CVE-2024-5290
2024-08-06 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6945-1)
2024-08-07 00:00:00
Debian: Security Advisory (DSA-5739-1)
2024-08-07 00:00:00
cve
cve
CVE-2024-5290
2024-08-07 09:16:05
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : wpa_supplicant and hostapd vulnerability (USN-6945-1)
2024-08-06 00:00:00
Debian dsa-5739 : eapoltest - security update
2024-08-06 00:00:00
debiancve
debiancve
CVE-2024-5290
2024-08-07 09:16:05
redhatcve
redhatcve
CVE-2024-5290
2024-08-07 14:16:38
cvelist
cvelist
CVE-2024-5290
2024-08-07 08:14:08
vulnrichment
vulnrichment
CVE-2024-5290
2024-08-07 08:14:08
nvd
nvd
CVE-2024-5290
2024-08-07 09:16:05

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0

Percentile

5.1%

JSON
Related for USN-6945-1
osv3ubuntucve1openvas2cve1nessus2debiancve1redhatcve1cvelist1vulnrichment1nvd1