CVE-2019-9496

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Una secuencia de autorización no válida puede conllevar a que el proceso de hostapd termine a causa de que faltan pasos de comprobación de estado al procesar el mensaje de confirmación SAE cuando está en el modo hostapd/AP. Todas las versiones de hostapd con soporte SAE son vulnerables. Un atacante puede forzar la terminación del proceso de hostapd, realizando un ataque de Denegación de Servicio (DoS). Tanto hostapd con soporte SAE como wpa_supplicant con soporte SAE e incluyendo la versión 2.7 están afectados.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-03-01 CVE Reserved
2019-04-17 CVE Published
2024-04-10 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication
CWE-642: External Control of Critical State Data

CAPEC

References (9)

URL	Tag	Source
http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html	X_refsource_misc
https://seclists.org/bugtraq/2019/May/40	Mailing List
https://www.synology.com/security/advisory/Synology_SA_19_16	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
https://w1.fi/security/2019-3	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ	2023-11-07
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
W1.fi Search vendor "W1.fi"		Hostapd Search vendor "W1.fi" for product "Hostapd"				<= 2.7 Search vendor "W1.fi" for product "Hostapd" and version " <= 2.7"		-		Affected
W1.fi Search vendor "W1.fi"		WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant"				<= 2.7 Search vendor "W1.fi" for product "WPA Supplicant" and version " <= 2.7"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				28 Search vendor "Fedoraproject" for product "Fedora" and version "28"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				29 Search vendor "Fedoraproject" for product "Fedora" and version "29"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				30 Search vendor "Fedoraproject" for product "Fedora" and version "30"		-		Affected