Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Published

2019-04-17T14:29:03.963

Last Modified

2024-11-21T04:51:44.057

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-301
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	w1.fi	hostapd	≤ 2.4	Yes
Application	w1.fi	hostapd	≤ 2.7	Yes
Application	w1.fi	wpa_supplicant	≤ 2.4	Yes
Application	w1.fi	wpa_supplicant	≤ 2.7	Yes
Operating System	fedoraproject	fedora	28	Yes
Operating System	fedoraproject	fedora	29	Yes
Operating System	fedoraproject	fedora	30	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html ([email protected])
http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html ([email protected])
https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/ ([email protected])
https://seclists.org/bugtraq/2019/May/40 ([email protected])
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc ([email protected])
https://w1.fi/security/2019-4/ Patch, Vendor Advisory ([email protected])
https://www.synology.com/security/advisory/Synology_SA_19_16 ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/ (af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/May/40 (af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc (af854a3a-2127-422b-91ae-364da2661108)
https://w1.fi/security/2019-4/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synology.com/security/advisory/Synology_SA_19_16 (af854a3a-2127-422b-91ae-364da2661108)