CVE-2019-5061

An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*

History

19 Apr 2022, 18:16

Type	Values Removed	Values Added
CWE	~~CWE-20~~	CWE-287

Information

Published : 2019-12-12 22:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-5061

Mitre link : CVE-2019-5061

CVE.ORG link : CVE-2019-5061

JSON object : View

Products Affected

w1.fi

hostapd

CWE

CWE-287

Improper Authentication

CWE-440

Expected Behavior Violation

{"id": "CVE-2019-5061", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-12-12T22:15:11.047", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849", "tags": ["Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-440"}]}], "descriptions": [{"lang": "en", "value": "An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio explotable en el hostapd versi\u00f3n 2.6, donde un atacante podr\u00eda activar AP para enviar actualizaciones de ubicaci\u00f3n IAPP para las estaciones, antes de que el proceso de autenticaci\u00f3n requerido se complete . Esto podr\u00eda conllevar a diferentes escenarios de denegaci\u00f3n de servicio, ya sea causando ataques a la tabla CAM o conllevando un aleteo de tr\u00e1fico si falsifica clientes existentes en otros Aps cercanos de la misma infraestructura inal\u00e1mbrica. Un atacante puede falsificar paquetes de petici\u00f3n de Autenticaci\u00f3n y Asociaci\u00f3n para activar esta vulnerabilidad."}], "lastModified": "2022-06-17T13:27:34.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F5F7411-0B32-4041-8235-2B1AEC186FF0"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}