6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
23.9%
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.
hostapd version 2.6 on a Raspberry Pi.
7.4 - AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-440 - Expected Behavior Violation
When hostapd receives an Authentication and an AssociationRequest packet, it begins the handshake process with the station. Upon failure to negotiate authentication, hostapd sends Deauthentication packets to the client with the same MAC address as the first two packets.
This behavior can be abused by an attacker to cause a valid station using 802.11w to be deauthenticated from the AP.
2019-07-01 - Initial contact 2019-07-02 - Vendor acknowledged
2019-07-08 - Vendor disclosure; reports issued
2019-07-28 - Vendor confirmed does not trigger above 2.6 version
2019-11-10 - Vendor confirmed fix applied to main repository
2019-12-11 - Public Release
6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
23.9%