CVE-2021-27803

high

Description

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

References

https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt

https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch

https://www.openwall.com/lists/oss-security/2021/02/25/3

http://www.openwall.com/lists/oss-security/2021/02/27/1

https://lists.fedoraproject.org/archives/list/[email protected]/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/

https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/

https://lists.fedoraproject.org/archives/list/[email protected]/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/

https://www.debian.org/security/2021/dsa-4898

Details

Source: MITRE

Published: 2021-02-26

Updated: 2021-04-23

Risk Information

CVSS v2

Base Score: 5.4

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 5.5

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.6

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
153345 | EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2021-2439) | Nessus | Huawei Local Security Checks | high
151338 | EulerOS Virtualization for ARM 64 3.0.2.0 : wpa_supplicant (EulerOS-SA-2021-2105) | Nessus | Huawei Local Security Checks | high
151222 | EulerOS Virtualization 3.0.6.6 : wpa_supplicant (EulerOS-SA-2021-2043) | Nessus | Huawei Local Security Checks | high
151176 | EulerOS Virtualization for ARM 64 3.0.6.0 : wpa_supplicant (EulerOS-SA-2021-2009) | Nessus | Huawei Local Security Checks | high
149546 | EulerOS 2.0 SP5 : wpa_supplicant (EulerOS-SA-2021-1917) | Nessus | Huawei Local Security Checks | high
149538 | EulerOS 2.0 SP8 : wpa_supplicant (EulerOS-SA-2021-1892) | Nessus | Huawei Local Security Checks | high
149192 | EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2021-1860) | Nessus | Huawei Local Security Checks | high
148967 | Debian DSA-4898-1 : wpa - security update | Nessus | Debian Local Security Checks | high
148346 | Photon OS 4.0: Wpa_Supplicant PHSA-2021-4.0-0007 | Nessus | PhotonOS Local Security Checks | high
148344 | Photon OS 3.0: Wpa_Supplicant PHSA-2021-3.0-0210 | Nessus | PhotonOS Local Security Checks | high
148194 | Amazon Linux 2 : wpa_supplicant (ALAS-2021-1624) | Nessus | Amazon Linux Local Security Checks | high
147984 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : wpa_supplicant and hostapd vulnerability (USN-4757-1) | Nessus | Ubuntu Local Security Checks | high
147887 | CentOS 8 : wpa_supplicant (CESA-2021:0809) | Nessus | CentOS Local Security Checks | high
147884 | CentOS 7 : wpa_supplicant (CESA-2021:0808) | Nessus | CentOS Local Security Checks | high
147809 | RHEL 8 : wpa_supplicant (RHSA-2021:0816) | Nessus | Red Hat Local Security Checks | high
147805 | RHEL 8 : wpa_supplicant (RHSA-2021:0818) | Nessus | Red Hat Local Security Checks | high
147783 | openSUSE Security Update : wpa_supplicant (openSUSE-2021-404) | Nessus | SuSE Local Security Checks | high
147714 | Scientific Linux Security Update : wpa_supplicant on SL7.x x86_64 (2021:0808) | Nessus | Scientific Linux Local Security Checks | high
147712 | Oracle Linux 8 : SUMM: / wpa_supplicant (ELSA-2021-0809) | Nessus | Oracle Linux Local Security Checks | high
147706 | RHEL 8 : wpa_supplicant (RHSA-2021:0809) | Nessus | Red Hat Local Security Checks | high
147656 | Oracle Linux 7 : wpa_supplicant (ELSA-2021-0808) | Nessus | Oracle Linux Local Security Checks | high
147643 | RHEL 7 : wpa_supplicant (RHSA-2021:0808) | Nessus | Red Hat Local Security Checks | high
147612 | SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2021:0721-1) | Nessus | SuSE Local Security Checks | high
147575 | SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2021:0720-1) | Nessus | SuSE Local Security Checks | high
147545 | SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2021:0745-1) | Nessus | SuSE Local Security Checks | high
147484 | Fedora 32 : 1:wpa_supplicant (2021-99cad2b81f) | Nessus | Fedora Local Security Checks | high
146969 | Fedora 33 : 1:wpa_supplicant (2021-3430f96019) | Nessus | Fedora Local Security Checks | high
146968 | Debian DLA-2581-1 : wpa security update | Nessus | Debian Local Security Checks | high