Vulnerability Monitor

CVE-2019-9494


The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.


Published

2019-04-17T14:29:03.840

Last Modified

2024-11-21T04:51:43.657

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-208
    CWE-524
  • Type: Primary
    CWE-203

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application w1.fi hostapd ≤ 2.7 Yes
Application w1.fi wpa_supplicant ≤ 2.7 Yes
Operating System fedoraproject fedora 28 Yes
Operating System fedoraproject fedora 29 Yes
Operating System fedoraproject fedora 30 Yes
Application opensuse backports_sle 15.0 Yes
Operating System opensuse leap 15.1 Yes
Application synology radius_server 3.0 Yes
Application synology router_manager < 1.2.3-8087 Yes
Operating System freebsd freebsd 11.2 Yes
Operating System freebsd freebsd 12.0 Yes
