Vulnerability CVE-2019-16275


Published: 2019-09-12

Description:
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:A/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
2.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
W1.fi -> Hostapd 
W1.fi -> Wpa supplicant 

 References:
http://www.openwall.com/lists/oss-security/2019/09/12/6
https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html
https://usn.ubuntu.com/4136-1/
https://usn.ubuntu.com/4136-2/
https://w1.fi/security/2019-7/
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
https://www.openwall.com/lists/oss-security/2019/09/11/7

Copyright 2024, cxsecurity.com

 

Back to Top