Lucene search
K

12 matches found

Prion
Prion
added 2020/07/23 4:15 p.m.18 views

Design/Logic Flaw

An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266NONOSSDK devices through 3.0.3, and ESP8266RTOSSDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encrypti...

4.3CVSS6.8AI score0.00469EPSS
Exploits1References4Affected Software3
NVD
NVD
added 2019/09/04 8:15 p.m.30 views

CVE-2019-12586

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service crash via a crafted message...

6.5CVSS6.3AI score0.0135EPSS
Exploits2References3
OSV
OSV
added 2019/09/04 8:15 p.m.37 views

CVE-2019-12586

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service crash via a crafted message...

6.5CVSS6.7AI score
Exploits0References3
Prion
Prion
added 2019/09/04 8:15 p.m.28 views

Design/Logic Flaw

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service crash via a crafted message...

3.3CVSS6.3AI score0.0135EPSS
Exploits2References3Affected Software3
NVD
NVD
added 2019/09/04 12:15 p.m.29 views

CVE-2019-12587

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key PMK after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames v...

8.1CVSS8.1AI score0.00804EPSS
Exploits2References3
OSV
OSV
added 2019/09/04 12:15 p.m.36 views

CVE-2019-12587

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key PMK after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames v...

8.1CVSS6.9AI score0.00804EPSS
Exploits2References3
OSV
OSV
added 2019/09/04 12:15 p.m.28 views

CVE-2019-12588

The client 802.11 mac implementation in Espressif ESP8266NONOSSDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service crash via a crafted...

6.5CVSS6.7AI score
Exploits0References3
Prion
Prion
added 2019/09/04 12:15 p.m.26 views

Authentication flaw

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key PMK after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames v...

4.8CVSS7.9AI score0.00804EPSS
Exploits2References3Affected Software2
Prion
Prion
added 2019/09/04 12:15 p.m.28 views

Code injection

The client 802.11 mac implementation in Espressif ESP8266NONOSSDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service crash via a crafted...

3.3CVSS6.2AI score0.0119EPSS
Exploits2References3Affected Software2
CVE
CVE
added 2019/09/04 11:31 a.m.163 views

CVE-2019-12587

The CVE-2019-12587 entry concerns the EAP peer implementation in Espressif ESP-IDF 2.0.0–4.0.0 and ESP8266_NONOS_SDK 2.2.0–3.1.0, where a zero PMK can be installed after any EAP authentication, enabling attackers in radio range to replay, decrypt, or spoof frames via a rogue AP. Red Hat and OSV r...

8.1CVSS8AI score0.00804EPSS
Exploits2References3Affected Software2
Cvelist
Cvelist
added 2019/09/04 11:31 a.m.42 views

CVE-2019-12587

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key PMK after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames v...

8.1AI score0.00804EPSS
Exploits2References3
Cvelist
Cvelist
added 2019/09/04 11:30 a.m.29 views

CVE-2019-12588

The client 802.11 mac implementation in Espressif ESP8266NONOSSDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service crash via a crafted...

6.3AI score0.0119EPSS
Exploits2References3
Rows per page
Query Builder