CVE-2019-16275LOW
Description
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
References
http://www.openwall.com/lists/oss-security/2019/09/12/6
https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html
https://seclists.org/bugtraq/2019/Sep/56
https://usn.ubuntu.com/4136-1/
https://usn.ubuntu.com/4136-2/
https://w1.fi/security/2019-7/
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
Details
Source: MITRE
Published: 2019-09-12
Updated: 2020-08-24
Type: CWE-346
Risk Information
CVSS v2.0
Base Score: 3.3
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 6.5
Severity: LOW
CVSS v3.0
Base Score: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:* versions up to 2.9 (inclusive)
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:* versions up to 2.9 (inclusive)
Configuration 2
OR
Configuration 3
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 148411 | openSUSE Security Update : hostapd (openSUSE-2021-519) | Nessus | SuSE Local Security Checks | high |
| 146523 | SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2021:0478-1) | Nessus | SuSE Local Security Checks | high |
| 143704 | SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2020:3424-1) (KRACK) | Nessus | SuSE Local Security Checks | medium |
| 143627 | SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2020:3380-1) (KRACK) | Nessus | SuSE Local Security Checks | medium |
| 143321 | openSUSE Security Update : wpa_supplicant (openSUSE-2020-2053) (KRACK) | Nessus | SuSE Local Security Checks | medium |
| 143304 | openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK) | Nessus | SuSE Local Security Checks | medium |
| 140911 | EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2020-2144) | Nessus | Huawei Local Security Checks | low |
| 132827 | EulerOS Virtualization for ARM 64 3.0.5.0 : wpa_supplicant (EulerOS-SA-2020-1073) | Nessus | Huawei Local Security Checks | medium |
| 131372 | EulerOS 2.0 SP8 : wpa_supplicant (EulerOS-SA-2019-2306) | Nessus | Huawei Local Security Checks | low |
| 131090 | Fedora 30 : 1:wpa_supplicant (2019-2bdcccee3c) | Nessus | Fedora Local Security Checks | low |
| 131039 | Fedora 29 : 1:wpa_supplicant (2019-65509aac53) | Nessus | Fedora Local Security Checks | low |
| 130788 | Fedora 31 : hostapd (2019-740834c559) | Nessus | Fedora Local Security Checks | low |
| 130781 | Fedora 30 : hostapd (2019-2265b5ae86) | Nessus | Fedora Local Security Checks | low |
| 130613 | Fedora 31 : 1:wpa_supplicant (2019-0e0b28001d) | Nessus | Fedora Local Security Checks | low |
| 129416 | Debian DSA-4538-1 : wpa - security update | Nessus | Debian Local Security Checks | medium |
| 129050 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : wpa_supplicant and hostapd vulnerability (USN-4136-1) | Nessus | Ubuntu Local Security Checks | low |
| 128880 | Debian DLA-1922-1 : wpa security update | Nessus | Debian Local Security Checks | low |