CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns

Severity Score

3.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Las implementaciones de EAP-PWD en hostapd y wpa_supplicant son vulnerables a los ataques de canal lateral (side-channel) como resultado de los patrones de acceso a la caché. Todas las versiones de hostapd y wpa_supplicant con soporte de EAP-PWD son vulnerables. La capacidad de instalar y ejecutar aplicaciones es necesaria para un ataque con exito. Los patrones de acceso a memoria son visibles en caché compartido. Las contraseñas débiles pueden ser crackeadas. Las versiones de hostapd/wpa_supplicant versión 2.7 y posteriores, no son vulnerables al ataque de tiempo descrito en CVE-2019-9494. Tanto hostapd con soporte EAP-pwd como wpa_supplicant con soporte EAP-pwd anterior y con la versión 2.7 están afectados.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-03-01 CVE Reserved
2019-04-11 CVE Published
2024-08-04 CVE Updated
2024-11-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-203: Observable Discrepancy
CWE-524: Use of Cache Containing Sensitive Information

CAPEC

References (10)

URL	Tag	Source
http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html	Mailing List
https://seclists.org/bugtraq/2019/May/40	Mailing List
https://www.synology.com/security/advisory/Synology_SA_19_16	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://w1.fi/security/2019-2	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ	2023-11-07
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				<= 2.7 Search vendor "W1.fi" for product "Hostapd" and version " <= 2.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				<= 2.7 Search vendor "W1.fi" for product "WPA Supplicant" and version " <= 2.7"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				28 Search vendor "Fedoraproject" for product "Fedora" and version "28"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				29 Search vendor "Fedoraproject" for product "Fedora" and version "29"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				30 Search vendor "Fedoraproject" for product "Fedora" and version "30"		-		Affected
Opensuse Search vendor "Opensuse"		Backports Sle Search vendor "Opensuse" for product "Backports Sle"				15.0 Search vendor "Opensuse" for product "Backports Sle" and version "15.0"		-		Affected
Opensuse Search vendor "Opensuse"		Backports Sle Search vendor "Opensuse" for product "Backports Sle"				15.0 Search vendor "Opensuse" for product "Backports Sle" and version "15.0"		sp1		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Synology Search vendor "Synology"		Radius Server Search vendor "Synology" for product "Radius Server"				3.0 Search vendor "Synology" for product "Radius Server" and version "3.0"		-		Affected
Synology Search vendor "Synology"		Router Manager Search vendor "Synology" for product "Router Manager"				< 1.2.3-8017 Search vendor "Synology" for product "Router Manager" and version " < 1.2.3-8017"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.2 Search vendor "Freebsd" for product "Freebsd" and version "11.2"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.2 Search vendor "Freebsd" for product "Freebsd" and version "11.2"		p2		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.2 Search vendor "Freebsd" for product "Freebsd" and version "11.2"		p3		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.2 Search vendor "Freebsd" for product "Freebsd" and version "11.2"		p4		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.2 Search vendor "Freebsd" for product "Freebsd" and version "11.2"		p5		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.2 Search vendor "Freebsd" for product "Freebsd" and version "11.2"		p6		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.2 Search vendor "Freebsd" for product "Freebsd" and version "11.2"		p7		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.2 Search vendor "Freebsd" for product "Freebsd" and version "11.2"		p8		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.2 Search vendor "Freebsd" for product "Freebsd" and version "11.2"		p9		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				11.2 Search vendor "Freebsd" for product "Freebsd" and version "11.2"		rc3		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				12.0 Search vendor "Freebsd" for product "Freebsd" and version "12.0"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				12.0 Search vendor "Freebsd" for product "Freebsd" and version "12.0"		p1		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				12.0 Search vendor "Freebsd" for product "Freebsd" and version "12.0"		p2		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				12.0 Search vendor "Freebsd" for product "Freebsd" and version "12.0"		p3		Affected