6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
22.5%
An exploitable denial-of-service vulnerability exists in the hostapd 2.6,
where an attacker could trigger AP to send IAPP location updates for
stations, before the required authentication process has completed. This
could lead to different denial of service scenarios, either by causing CAM
table attacks, or by leading to traffic flapping if faking already existing
clients in other nearby Aps of the same wireless infrastructure. An
attacker can forge Authentication and Association Request packets to
trigger this vulnerability.
Author | Note |
---|---|
sbeattie | upstream fix appears to be to remove (the incomplete) IAPP support completely. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | wpa | < any | UNKNOWN |
ubuntu | 20.04 | noarch | wpa | < any | UNKNOWN |
ubuntu | 21.04 | noarch | wpa | < 2:2.9.0-20build1 | UNKNOWN |
ubuntu | 21.10 | noarch | wpa | < 2:2.9.0-20build1 | UNKNOWN |
ubuntu | 22.04 | noarch | wpa | < 2:2.9.0-20build1 | UNKNOWN |
ubuntu | 22.10 | noarch | wpa | < 2:2.9.0-20build1 | UNKNOWN |
ubuntu | 23.04 | noarch | wpa | < 2:2.9.0-20build1 | UNKNOWN |
ubuntu | 23.10 | noarch | wpa | < 2:2.9.0-20build1 | UNKNOWN |
ubuntu | 14.04 | noarch | wpa | < any | UNKNOWN |
ubuntu | 16.04 | noarch | wpa | < any | UNKNOWN |
6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
22.5%