CVE-2020-17497

high

Description

eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4.

References

https://lists.01.org/hyperkitty/list/iwd%40lists.01.org/thread/4GUXL4Z6KZWWZINATGHNJVAEUTS3I7PG/

Details

Source: Mitre, NVD

Published: 2020-08-12

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00094