Lucene search

Ubuntu.comUB:CVE-2019-5061

HistoryDec 12, 2019 - 12:00 a.m.

CVE-2019-5061

2019-12-1200:00:00

ubuntu.com

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

22.5%

JSON

An exploitable denial-of-service vulnerability exists in the hostapd 2.6,
where an attacker could trigger AP to send IAPP location updates for
stations, before the required authentication process has completed. This
could lead to different denial of service scenarios, either by causing CAM
table attacks, or by leading to traffic flapping if faking already existing
clients in other nearby Aps of the same wireless infrastructure. An
attacker can forge Authentication and Association Request packets to
trigger this vulnerability.

Notes

Author	Note
sbeattie	upstream fix appears to be to remove (the incomplete) IAPP support completely.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchwpa< anyUNKNOWN
ubuntu20.04noarchwpa< anyUNKNOWN
ubuntu21.04noarchwpa< 2:2.9.0-20build1UNKNOWN
ubuntu21.10noarchwpa< 2:2.9.0-20build1UNKNOWN
ubuntu22.04noarchwpa< 2:2.9.0-20build1UNKNOWN
ubuntu22.10noarchwpa< 2:2.9.0-20build1UNKNOWN
ubuntu23.04noarchwpa< 2:2.9.0-20build1UNKNOWN
ubuntu23.10noarchwpa< 2:2.9.0-20build1UNKNOWN
ubuntu14.04noarchwpa< anyUNKNOWN
ubuntu16.04noarchwpa< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	wpa	< any	UNKNOWN
ubuntu	20.04	noarch	wpa	< any	UNKNOWN
ubuntu	21.04	noarch	wpa	< 2:2.9.0-20build1	UNKNOWN
ubuntu	21.10	noarch	wpa	< 2:2.9.0-20build1	UNKNOWN
ubuntu	22.04	noarch	wpa	< 2:2.9.0-20build1	UNKNOWN
ubuntu	22.10	noarch	wpa	< 2:2.9.0-20build1	UNKNOWN
ubuntu	23.04	noarch	wpa	< 2:2.9.0-20build1	UNKNOWN
ubuntu	23.10	noarch	wpa	< 2:2.9.0-20build1	UNKNOWN
ubuntu	14.04	noarch	wpa	< any	UNKNOWN
ubuntu	16.04	noarch	wpa	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2019-5061

nvd.nist.gov/vuln/detail/CVE-2019-5061

security-tracker.debian.org/tracker/CVE-2019-5061

talosintelligence.com/vulnerability_reports/TALOS-2019-0849

www.cve.org/CVERecord?id=CVE-2019-5061

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

22.5%

JSON

Related for UB:CVE-2019-5061