Lucene search

K

PRIOn knowledge basePRION:CVE-2019-9494

HistoryApr 17, 2019 - 2:29 p.m.

Design/Logic Flaw

2019-04-1714:29:00

PRIOn knowledge base

www.prio-n.com

6

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.5%

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

CPENameOperatorVersion
fedoraeq28
fedoraeq29
fedoraeq30
freebsdeq11.2 p3
freebsdeq11.2 p4
freebsdeq11.2 p5
freebsdeq12.0 p1
freebsdeq11.2 p7
freebsdeq12.0
freebsdeq11.2

Rows per page:

1-10 of 241

References

lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html

packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html

lists.fedoraproject.org/archives/list/[email protected]/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/

lists.fedoraproject.org/archives/list/[email protected]/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/

lists.fedoraproject.org/archives/list/[email protected]/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/

seclists.org/bugtraq/2019/May/40

security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc

w1.fi/security/2019-1/

www.synology.com/security/advisory/Synology_SA_19_16

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.5%

Related for PRION:CVE-2019-9494

thn1 cve4 nessus32 openvas22 alpinelinux3 osv4 freebsd2 ubuntucve4 redhatcve1 debiancve4 prion3 mageia2 fedora8 fortinet1 debian1 cert1 suse3 freebsd_advisory1 photon2 rosalinux1