CVE-2018-14526

wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

Se ha descubierto un problema en rsn_supp/wpa.c en wpa_supplicant, desde la versión 2.0 hasta la 2.6. En determinadas condiciones, no se comprueba la integridad de los mensajes EAPOL-Key, lo que conduce a un oráculo de descripción. Un atacante que esté en el rango del punto de acceso y el cliente puede abusar de la vulnerabilidad para recuperar información sensible.

*Credits: N/A

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-07-22 CVE Reserved
2018-08-08 CVE Published
2024-02-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CAPEC

References (12)

URL	Tag	Source
http://www.securitytracker.com/id/1041438	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf	X_refsource_confirm
https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html	Mailing List
https://papers.mathyvanhoef.com/woot2018.pdf	Technical Description
https://www.us-cert.gov/ics/advisories/icsa-19-344-01	X_refsource_misc

URL	Date	SRC

URL	Date	SRC
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asc	2019-10-03
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt	2019-10-03

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html	2019-10-03
https://access.redhat.com/errata/RHSA-2018:3107	2019-10-03
https://usn.ubuntu.com/3745-1	2019-10-03
https://access.redhat.com/security/cve/CVE-2018-14526	2018-10-30
https://bugzilla.redhat.com/show_bug.cgi?id=1614520	2018-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				>= 2.0 <= 2.6 Search vendor "W1.fi" for product "WPA Supplicant" and version " >= 2.0 <= 2.6"		-		Affected