CVE-2019-9498

Vulnerability from cvelistv5

Published

2019-04-17 13:31

Modified

2024-08-04 21:54

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html	Mailing List, Third Party Advisory
cret@cert.org	https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html	Mailing List, Third Party Advisory
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
cret@cert.org	https://seclists.org/bugtraq/2019/May/40	Mailing List, Third Party Advisory
cret@cert.org	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc	Third Party Advisory
cret@cert.org	https://w1.fi/security/2019-4/	Patch, Vendor Advisory
cret@cert.org	https://www.synology.com/security/advisory/Synology_SA_19_16	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/May/40	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://w1.fi/security/2019-4/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/security/advisory/Synology_SA_19_16	Third Party Advisory

Impacted products

Vendor

Product

Version

▼

Wi-Fi Alliance

hostapd with EAP-pwd support

Version: 2.7 <

Wi-Fi Alliance	wpa_supplicant with EAP-pwd support	Version: 2.7 <
Wi-Fi Alliance	hostapd with SAE support	Version: 2.4 <
Wi-Fi Alliance	wpa_supplicant with SAE support	Version: 2.4 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:54:44.081Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://w1.fi/security/2019-4/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
          },
          {
            "name": "FEDORA-2019-d03bae77f5",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
          },
          {
            "name": "FEDORA-2019-f409af9fbe",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
          },
          {
            "name": "FEDORA-2019-eba1109acd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
          },
          {
            "name": "FreeBSD-SA-19:03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
          },
          {
            "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/40"
          },
          {
            "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
          },
          {
            "name": "openSUSE-SU-2020:0222",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hostapd with EAP-pwd support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.7",
              "status": "affected",
              "version": "2.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "wpa_supplicant with EAP-pwd support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.7",
              "status": "affected",
              "version": "2.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "hostapd with SAE support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.4",
              "status": "affected",
              "version": "2.4",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "wpa_supplicant with SAE support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.4",
              "status": "affected",
              "version": "2.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346 Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-16T00:06:07",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://w1.fi/security/2019-4/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
        },
        {
          "name": "FEDORA-2019-d03bae77f5",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
        },
        {
          "name": "FEDORA-2019-f409af9fbe",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
        },
        {
          "name": "FEDORA-2019-eba1109acd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
        },
        {
          "name": "FreeBSD-SA-19:03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
        },
        {
          "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/40"
        },
        {
          "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
        },
        {
          "name": "openSUSE-SU-2020:0222",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit",
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Dragonblood",
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2019-9498",
          "STATE": "PUBLIC",
          "TITLE": "The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "hostapd with EAP-pwd support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.7",
                            "version_value": "2.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "wpa_supplicant with EAP-pwd support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.7",
                            "version_value": "2.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "hostapd with SAE support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.4",
                            "version_value": "2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "wpa_supplicant with SAE support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.4",
                            "version_value": "2.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Wi-Fi Alliance"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-346 Origin Validation Error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://w1.fi/security/2019-4/",
              "refsource": "CONFIRM",
              "url": "https://w1.fi/security/2019-4/"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_16",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
            },
            {
              "name": "FEDORA-2019-d03bae77f5",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
            },
            {
              "name": "FEDORA-2019-f409af9fbe",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
            },
            {
              "name": "FEDORA-2019-eba1109acd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
            },
            {
              "name": "FreeBSD-SA-19:03",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
            },
            {
              "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/40"
            },
            {
              "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
            },
            {
              "name": "openSUSE-SU-2020:0222",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2019-9498",
    "datePublished": "2019-04-17T13:31:08",
    "dateReserved": "2019-03-01T00:00:00",
    "dateUpdated": "2024-08-04T21:54:44.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.4\", \"matchCriteriaId\": \"552340BD-4450-4767-BDB3-44FF526BD4ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.5\", \"versionEndIncluding\": \"2.7\", \"matchCriteriaId\": \"2A9FD3E6-61E9-4F50-8077-DDC07F2CC46D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.4\", \"matchCriteriaId\": \"068DF041-070A-4483-98A7-3FA2E245344F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.5\", \"versionEndIncluding\": \"2.7\", \"matchCriteriaId\": \"922FB3CB-715B-425D-A5DA-E6A50E6D174F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"40513095-7E6E-46B3-B604-C926F1BA3568\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:synology:radius_server:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C6E6871-7BB3-43BB-9A31-0B44B46C8D97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85F6D2BF-23EA-4D44-8126-64EA85184D38\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndIncluding\": \"11.1\", \"matchCriteriaId\": \"A89C04C1-3DAF-4490-9045-7E18323B04E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"3ACD1D8D-B3BC-4E99-B846-90A4071DB87B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*\", \"matchCriteriaId\": \"34134EDA-127A-48E2-B630-94DEF14666A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"699FE432-8DF0-49F1-A98B-0E19CE01E5CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"20B06752-39EE-4600-AC1F-69FB9C88E2A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"E86CD544-86C4-4D9D-9CE5-087027509EDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"64E47AE7-BB45-428E-90E9-38BFDFF23650\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"586B9FA3-65A2-41EB-A848-E4A75565F0CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"1164B48E-2F28-43C5-9B7B-546EAE12E27D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0B15B89-3AD2-4E03-9F47-DA934702187B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"826B53C2-517F-4FC6-92E8-E7FCB24F91B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"93F10A46-AEF2-4FDD-92D6-0CF07B70F986\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1AD57A9-F53A-4E40-966E-F2F50852C5E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4029113-130F-4A33-A8A0-BC3E74000378\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\"}, {\"lang\": \"es\", \"value\": \"Las implementaciones del componente EAP-PWD en hostapd en EAP Server, cuando se construyen contra una biblioteca criptogr\\u00e1fica sin comprobaci\\u00f3n expl\\u00edcita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. Un atacante puede usar valores escalares y de elementos no v\\u00e1lidos para completar la autenticaci\\u00f3n, conseguir clave de sesi\\u00f3n y acceso a la red sin necesidad de conocer la contrase\\u00f1a. Tanto hostapd con soporte SAE como wpa_supplicant con soporte SAE anterior e incluyendo la versi\\u00f3n 2.4 son  impactados. Tanto hostapd con soporte EAP-pwd como wpa_supplicant con soporte EAP-pwd anterior y con la versi\\u00f3n 2.7 est\\u00e1n afectados.\"}]",
      "id": "CVE-2019-9498",
      "lastModified": "2024-11-21T04:51:44.190",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-04-17T14:29:04.010",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\", \"source\": \"cret@cert.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\", \"source\": \"cret@cert.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/40\", \"source\": \"cret@cert.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://w1.fi/security/2019-4/\", \"source\": \"cret@cert.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_16\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/40\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://w1.fi/security/2019-4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-346\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-9498\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2019-04-17T14:29:04.010\",\"lastModified\":\"2024-11-21T04:51:44.190\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\"},{\"lang\":\"es\",\"value\":\"Las implementaciones del componente EAP-PWD en hostapd en EAP Server, cuando se construyen contra una biblioteca criptogr\u00e1fica sin comprobaci\u00f3n expl\u00edcita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. Un atacante puede usar valores escalares y de elementos no v\u00e1lidos para completar la autenticaci\u00f3n, conseguir clave de sesi\u00f3n y acceso a la red sin necesidad de conocer la contrase\u00f1a. Tanto hostapd con soporte SAE como wpa_supplicant con soporte SAE anterior e incluyendo la versi\u00f3n 2.4 son  impactados. Tanto hostapd con soporte EAP-pwd como wpa_supplicant con soporte EAP-pwd anterior y con la versi\u00f3n 2.7 est\u00e1n afectados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-346\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.4\",\"matchCriteriaId\":\"552340BD-4450-4767-BDB3-44FF526BD4ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5\",\"versionEndIncluding\":\"2.7\",\"matchCriteriaId\":\"2A9FD3E6-61E9-4F50-8077-DDC07F2CC46D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.4\",\"matchCriteriaId\":\"068DF041-070A-4483-98A7-3FA2E245344F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5\",\"versionEndIncluding\":\"2.7\",\"matchCriteriaId\":\"922FB3CB-715B-425D-A5DA-E6A50E6D174F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40513095-7E6E-46B3-B604-C926F1BA3568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:radius_server:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C6E6871-7BB3-43BB-9A31-0B44B46C8D97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85F6D2BF-23EA-4D44-8126-64EA85184D38\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndIncluding\":\"11.1\",\"matchCriteriaId\":\"A89C04C1-3DAF-4490-9045-7E18323B04E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ACD1D8D-B3BC-4E99-B846-90A4071DB87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"34134EDA-127A-48E2-B630-94DEF14666A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"699FE432-8DF0-49F1-A98B-0E19CE01E5CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"20B06752-39EE-4600-AC1F-69FB9C88E2A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E86CD544-86C4-4D9D-9CE5-087027509EDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"64E47AE7-BB45-428E-90E9-38BFDFF23650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"586B9FA3-65A2-41EB-A848-E4A75565F0CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"1164B48E-2F28-43C5-9B7B-546EAE12E27D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0B15B89-3AD2-4E03-9F47-DA934702187B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"826B53C2-517F-4FC6-92E8-E7FCB24F91B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"93F10A46-AEF2-4FDD-92D6-0CF07B70F986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1AD57A9-F53A-4E40-966E-F2F50852C5E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4029113-130F-4A33-A8A0-BC3E74000378\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/40\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://w1.fi/security/2019-4/\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_16\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/40\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://w1.fi/security/2019-4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CVE-2019-9498

Vulnerability from fkie_nvd

Published

2019-04-17 14:29

Modified

2024-11-21 04:51

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html	Mailing List, Third Party Advisory
cret@cert.org	https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html	Mailing List, Third Party Advisory
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
cret@cert.org	https://seclists.org/bugtraq/2019/May/40	Mailing List, Third Party Advisory
cret@cert.org	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc	Third Party Advisory
cret@cert.org	https://w1.fi/security/2019-4/	Patch, Vendor Advisory
cret@cert.org	https://www.synology.com/security/advisory/Synology_SA_19_16	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/May/40	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://w1.fi/security/2019-4/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/security/advisory/Synology_SA_19_16	Third Party Advisory

Impacted products

Vendor	Product	Version
w1.fi	hostapd	*
w1.fi	hostapd	*
w1.fi	wpa_supplicant	*
w1.fi	wpa_supplicant	*
fedoraproject	fedora	28
fedoraproject	fedora	29
fedoraproject	fedora	30
opensuse	backports_sle	15.0
opensuse	backports_sle	15.0
opensuse	leap	15.1
debian	debian_linux	8.0
synology	radius_server	3.0
synology	router_manager	1.2
freebsd	freebsd	*
freebsd	freebsd	11.2
freebsd	freebsd	11.2
freebsd	freebsd	11.2
freebsd	freebsd	11.2
freebsd	freebsd	11.2
freebsd	freebsd	11.2
freebsd	freebsd	11.2
freebsd	freebsd	11.2
freebsd	freebsd	11.2
freebsd	freebsd	11.2
freebsd	freebsd	12.0
freebsd	freebsd	12.0
freebsd	freebsd	12.0
freebsd	freebsd	12.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "552340BD-4450-4767-BDB3-44FF526BD4ED",
              "versionEndIncluding": "2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9FD3E6-61E9-4F50-8077-DDC07F2CC46D",
              "versionEndIncluding": "2.7",
              "versionStartIncluding": "2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "068DF041-070A-4483-98A7-3FA2E245344F",
              "versionEndIncluding": "2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "922FB3CB-715B-425D-A5DA-E6A50E6D174F",
              "versionEndIncluding": "2.7",
              "versionStartIncluding": "2.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:synology:radius_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C6E6871-7BB3-43BB-9A31-0B44B46C8D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F6D2BF-23EA-4D44-8126-64EA85184D38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A89C04C1-3DAF-4490-9045-7E18323B04E4",
              "versionEndIncluding": "11.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "3ACD1D8D-B3BC-4E99-B846-90A4071DB87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*",
              "matchCriteriaId": "34134EDA-127A-48E2-B630-94DEF14666A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "699FE432-8DF0-49F1-A98B-0E19CE01E5CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "20B06752-39EE-4600-AC1F-69FB9C88E2A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "E86CD544-86C4-4D9D-9CE5-087027509EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "64E47AE7-BB45-428E-90E9-38BFDFF23650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*",
              "matchCriteriaId": "586B9FA3-65A2-41EB-A848-E4A75565F0CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*",
              "matchCriteriaId": "1164B48E-2F28-43C5-9B7B-546EAE12E27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*",
              "matchCriteriaId": "F0B15B89-3AD2-4E03-9F47-DA934702187B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
    },
    {
      "lang": "es",
      "value": "Las implementaciones del componente EAP-PWD en hostapd en EAP Server, cuando se construyen contra una biblioteca criptogr\u00e1fica sin comprobaci\u00f3n expl\u00edcita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. Un atacante puede usar valores escalares y de elementos no v\u00e1lidos para completar la autenticaci\u00f3n, conseguir clave de sesi\u00f3n y acceso a la red sin necesidad de conocer la contrase\u00f1a. Tanto hostapd con soporte SAE como wpa_supplicant con soporte SAE anterior e incluyendo la versi\u00f3n 2.4 son  impactados. Tanto hostapd con soporte EAP-pwd como wpa_supplicant con soporte EAP-pwd anterior y con la versi\u00f3n 2.7 est\u00e1n afectados."
    }
  ],
  "id": "CVE-2019-9498",
  "lastModified": "2024-11-21T04:51:44.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-17T14:29:04.010",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
    },
    {
      "source": "cret@cert.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
    },
    {
      "source": "cret@cert.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
    },
    {
      "source": "cret@cert.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/May/40"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://w1.fi/security/2019-4/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/May/40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://w1.fi/security/2019-4/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. WPA3 Protocol and hostapd When wpa_supplicant There are multiple vulnerabilities in the implementation of, and a remote attacker can obtain weak password information and privileges, as well as disrupt service operations. (DoS) An attack may be carried out. These vulnerabilities "Dragonblood" It is called. CERT/CC Then continue WPA3 The protocol is being verified. Discovered this time WPA3 Vulnerabilities related to the implementation of can be attributed to the protocol specification itself. WPA3 Is a key exchange protocol, Simultaneous Authentication of Equals (SAE) Is adopted. this is "Dragonfly Key Exchange" It is also called WPA2 In Pre-Shared Key (PSK) Acts as a protocol replacement. hostapd Is WPA3 Access point and authentication server daemon is. Also, wpa_supplicant Is WPA authenticator ( access point ) Implemented key exchange with supplicant ( client ) And WPA3 Is supported. hostapd When wpa_supplicant Both Extensible Authentication Protocol Password (EAP-PWD) When SAE Has the following vulnerabilities: Elliptic curve crypto group (ECC groups) Against SAE Cache-based attacks (SAE Side channel attack ) (CWE-208, CWE-524) - CVE-2019-9494 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to observable timing differences and cache access patterns. Elliptic curve crypto group (ECC groups) Against EAP-PWD Cache-based attack (EAP-PWD Side channel attack ) (CWE-524) - CVE-2019-9495 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to cache access patterns. SAE confirm Message validation is not performed during processing (CWE-642) - CVE-2019-9496 hostapd Process hostapd/AP When operating in mode SAE confirm Incomplete verification of message processing due to incorrect authentication sequence hostapd The process may end. EAP-PWD Peer In EAP-pwd-Commit Incorrect message validation (CWE-346) - CVE-2019-9499 wpa_supplicant (EAP Peer) In EAP-PWD In the implementation, the cryptographic library used for the build is EAP-pwd-Commit Message element value (EC point) If you do not implement the verification process for EAP-pwd-Commit Message scalar and element values are not validated. A side-channel attack captures information that can be used to recover passwords - CVE-2019-9494 * A weak password is obtained by a dictionary attack - CVE-2019-9495 This attack requires the authority to install and execute applications. Memory access pattern analysis is possible by observing the shared cache. hostapd/wpa_supplicant 2.7 And later versions CVE-2019-9494 Is not affected by the timing attack hostapd Process can be terminated ( Service operation interruption ) - CVE-2019-9496 *EAP-PWD Authentication is bypassed - CVE-2019-9497 Crypto library EC point If a verification process is implemented for an attacker, an attacker cannot acquire or exchange a session key * Illegal scalar / Session key is obtained using message with element value and authentication is bypassed - CVE-2019-9498, CVE-2019-9499. WPA is prone to multiple security weaknesses. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. A vulnerability in the EAP-pwd implementation of hostapd (EAP server) could allow an unauthenticated, adjacent malicious user to gain access to a targeted network.

The vendor has confirmed the vulnerability and released software updates. ========================================================================== Ubuntu Security Notice USN-3944-1 April 10, 2019

wpa vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in wpa_supplicant and hostapd.

Software Description: - wpa: client support for WPA and WPA2

Details:

It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499)

It was discovered that hostapd incorrectly handled obtaining random numbers. In rare cases where the urandom device isn't available, it would fall back to using a low-quality PRNG. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10743)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: hostapd 2:2.6-18ubuntu1.1 wpasupplicant 2:2.6-18ubuntu1.1

Ubuntu 18.04 LTS: hostapd 2:2.6-15ubuntu2.2 wpasupplicant 2:2.6-15ubuntu2.2

Ubuntu 16.04 LTS: hostapd 2.4-0ubuntu6.4 wpasupplicant 2.4-0ubuntu6.4

Ubuntu 14.04 LTS: hostapd 2.1-0ubuntu1.7 wpasupplicant 2.1-0ubuntu1.7

After a standard system update you need to reboot your computer to make all the necessary changes.

References: https://usn.ubuntu.com/usn/usn-3944-1 CVE-2016-10743, CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499

Package Information: https://launchpad.net/ubuntu/+source/wpa/2:2.6-18ubuntu1.1 https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.2 https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.4 https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7 . These vulnerability are also collectively known as "Dragonblood".

CVE-2019-9495

Cache-based side-channel attack against the EAP-pwd implementation: an
attacker able to run unprivileged code on the target machine (including for
example javascript code in a browser on a smartphone) during the handshake
could deduce enough information to discover the password in a dictionary
attack.

CVE-2019-9498

EAP-pwd server missing commit validation for scalar/element: hostapd
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for hostapd to derive a session key from a limited set of
possible values.

CVE-2019-9499

EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for wpa_supplicant to derive a session key from a limited
set of possible values. This could result in an attacker being able to
complete authentication and operate as a rogue AP.

Note that the Dragonblood moniker also applies to CVE-2019-9494 and CVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. SAE is not enabled in Debian stretch builds of wpa, which is thus not vulnerable by default.

Due to the complexity of the backporting process, the fix for these vulnerabilities are partial. Users are advised to use strong passwords to prevent dictionary attacks or use a 2.7-based version from stretch-backports (version above 2:2.7+git20190128+0c1e29f-4).

For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u3.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlyu2lQACgkQ3rYcyPpX RFtamggAlq8telLPhKzD1+Ns+Pci+Y+WkOAmUpn4XQ0TOmG18sDU1iS2xNHF+buA lXVKLp7zgE4VFJsclHAJXtp8anyo7YU99NzUcSF6vboRm3msifL4eE3S7IS9fAaH 0WWCHwlHMf9IGHqBn9mkwiYySwlId8ps3lvoVV2EOB4wJqa4Y6d4YrqPyFzWop56 jKTlTcJqvQBUFo/y9In/sx8QgONhNwnNAKcrBfiVwn8QHuMRA4c4UJz+NN38ctyt djA/zqT/uXwWhr8Mfl7J+rfdsC5TFPl45qr/gbmB7GRlU2la0dGJv/l0afbINrrG NoAgpOeMrwijIdDJ9vG6O3YVV6bIkg==OkO5 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-19:03.wpa Security Advisory The FreeBSD Project

Topic: Multiple vulnerabilities in hostapd and wpa_supplicant

Category: contrib Module: wpa Announced: 2019-05-14 Affects: All supported versions of FreeBSD. Corrected: 2019-05-01 01:42:38 UTC (stable/12, 12.0-STABLE) 2019-05-14 22:57:29 UTC (releng/12.0, 12.0-RELEASE-p4) 2019-05-01 01:43:17 UTC (stable/11, 11.2-STABLE) 2019-05-14 22:59:32 UTC (releng/11.2, 11.2-RELEASE-p10) CVE Name: CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, CVE-2019-11555

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

Wi-Fi Protected Access II (WPA2) is a security protocol developed by the Wi-Fi Alliance to secure wireless computer networks.

hostapd(8) and wpa_supplicant(8) are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol.

II. Problem Description

Multiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8) implementations. For more details, please see the reference URLs in the References section below.

III. Impact

Security of the wireless network may be compromised. For more details, please see the reference URLS in the References section below.

IV. Workaround

No workaround is available, but systems not using hostapd(8) or wpa_supplicant(8) are not affected.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Afterwards, restart hostapd(8) or wpa_supplicant(8).

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

Afterwards, restart hostapd(8) or wpa_supplicant(8).

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 12.0]

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch.asc

gpg --verify wpa-12.patch.asc

[FreeBSD 11.2]

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch.asc

gpg --verify wpa-11.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart the applicable daemons, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/12/ r346980 releng/12.0/ r347587 stable/11/ r346981 releng/11.2/ r347588

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTrVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cLsaA/9EB577JYdYdwFCOQ6TiOVhyluLJzgrhG3aiXeBntj8ytkRjcXKnP0aega 3G2R1do7pixVYUF52OWJwaNO3Hm+LHMngiOqujcLI+49ISI3T/APaU/D2dqmXVb8 nN/Pd+0HDGj3R3MwyyHT8/3fX0pJ395vcQhYb61M6PUSrwr8uiBbILT57iCadZoL F4KOCvRv7I4EFWXvqngGfeohZbbeHPBga2DwuebWR/E/1uWrMKEOF2pvh4b6ZSN2 pdr7ZHMiL1cZt+p+2gwWoqDWyD93u2lTC7Gmo3Vom+meH7eaQ79obXEN541aiQ04 CYhjkwuW5uNGUWCO/Xsfn5gqICeB1G5A/aBHQlAyVgUGia8jukL1jn3ga4AQgKrN h9aTmvrQs17PjMVtq81ZS0xm0ztW0Y6t2A9fRgGcnOOw+uy5tHMbJaKSMy8x97NT gUyXtoyu47tjjMrzsQcma2t6/+iCEDuW1P1LybSmv/v59gro9uveCdl0busgM9GS M5bpWK/qYQS1HYmYeTKMRynmD8ntRbflYoUP/SpijHsz+56rgyeJO12WyltyT32f j5fgnKaznW/UPtgmK0wnPIG9XEj3Nzs4C4cypO5t8OiuLEli4wRdb6MYlvEjq4la R3lnCzmTd9sg+K6cod2qWWSYdsdEwizcpQDp7M9lRqomiANLqJ4= =MXma -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0381",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "hostapd",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.4"
      },
      {
        "model": "router manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": "1.2"
      },
      {
        "model": "backports sle",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "wpa supplicant",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.7"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "30"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "11.2"
      },
      {
        "model": "hostapd",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.5"
      },
      {
        "model": "hostapd",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.7"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "29"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "12.0"
      },
      {
        "model": "wpa supplicant",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.5"
      },
      {
        "model": "freebsd",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "11.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "28"
      },
      {
        "model": "radius server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": "3.0"
      },
      {
        "model": "freebsd",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "freebsd",
        "version": "11.1"
      },
      {
        "model": "wpa supplicant",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.4"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freeradius",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "",
        "scope": null,
        "trust": 0.8,
        "vendor": "multiple vendors",
        "version": null
      },
      {
        "model": "wpa supplicant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "w1 fi",
        "version": "0"
      },
      {
        "model": "hostapd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "w1 fi",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "db": "BID",
        "id": "108401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9498"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.7",
                "versionStartIncluding": "2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.7",
                "versionStartIncluding": "2.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:radius_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.1",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9498"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Debian",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "152481"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-585"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-9498",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "JPCERT/CC",
            "availabilityImpact": "Partial",
            "baseScore": 7.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-002625",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-160933",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-9498",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Adjacent Network",
            "author": "JPCERT/CC",
            "availabilityImpact": "Low",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-002625",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-9498",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "JPCERT/CC",
            "id": "JVNDB-2019-002625",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-585",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-160933",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-9498",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160933"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9498"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-585"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. WPA3 Protocol and hostapd When wpa_supplicant There are multiple vulnerabilities in the implementation of, and a remote attacker can obtain weak password information and privileges, as well as disrupt service operations. (DoS) An attack may be carried out. These vulnerabilities \"Dragonblood\" It is called. CERT/CC Then continue WPA3 The protocol is being verified. Discovered this time WPA3 Vulnerabilities related to the implementation of can be attributed to the protocol specification itself. WPA3 Is a key exchange protocol, Simultaneous Authentication of Equals (SAE) Is adopted. this is \"Dragonfly Key Exchange\" It is also called WPA2 In Pre-Shared Key (PSK) Acts as a protocol replacement. hostapd Is WPA3 Access point and authentication server daemon is. Also, wpa_supplicant Is WPA authenticator ( access point ) Implemented key exchange with supplicant ( client ) And WPA3 Is supported. hostapd When wpa_supplicant Both Extensible Authentication Protocol Password (EAP-PWD) When SAE Has the following vulnerabilities: Elliptic curve crypto group (ECC groups) Against SAE Cache-based attacks (SAE Side channel attack ) (CWE-208, CWE-524) - CVE-2019-9494 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to observable timing differences and cache access patterns. Elliptic curve crypto group (ECC groups) Against EAP-PWD Cache-based attack (EAP-PWD Side channel attack ) (CWE-524) - CVE-2019-9495 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to cache access patterns. SAE confirm Message validation is not performed during processing (CWE-642) - CVE-2019-9496 hostapd Process hostapd/AP When operating in mode SAE confirm Incomplete verification of message processing due to incorrect authentication sequence hostapd The process may end. EAP-PWD Peer In EAP-pwd-Commit Incorrect message validation (CWE-346) - CVE-2019-9499 wpa_supplicant (EAP Peer) In EAP-PWD In the implementation, the cryptographic library used for the build is EAP-pwd-Commit Message element value (EC point) If you do not implement the verification process for EAP-pwd-Commit Message scalar and element values are not validated.* A side-channel attack captures information that can be used to recover passwords - CVE-2019-9494 * A weak password is obtained by a dictionary attack - CVE-2019-9495 This attack requires the authority to install and execute applications. Memory access pattern analysis is possible by observing the shared cache. hostapd/wpa_supplicant 2.7 And later versions CVE-2019-9494 Is not affected by the timing attack *hostapd Process can be terminated ( Service operation interruption ) - CVE-2019-9496 *EAP-PWD Authentication is bypassed - CVE-2019-9497 Crypto library EC point If a verification process is implemented for an attacker, an attacker cannot acquire or exchange a session key * Illegal scalar / Session key is obtained using message with element value and authentication is bypassed - CVE-2019-9498, CVE-2019-9499. WPA is prone to multiple security weaknesses. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. A vulnerability in the EAP-pwd implementation of hostapd (EAP server) could allow an unauthenticated, adjacent malicious user to gain access to a targeted network. \n\nThe vendor has confirmed the vulnerability and released software updates. ==========================================================================\nUbuntu Security Notice USN-3944-1\nApril 10, 2019\n\nwpa vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in wpa_supplicant and hostapd. \n\nSoftware Description:\n- wpa: client support for WPA and WPA2\n\nDetails:\n\nIt was discovered that wpa_supplicant and hostapd were vulnerable to a\nside channel attack against EAP-pwd. A remote attacker could possibly use\nthis issue to recover certain passwords. A\nremote attacker could possibly use this issue to perform a reflection\nattack and authenticate without the appropriate password. (CVE-2019-9497,\nCVE-2019-9498, CVE-2019-9499)\n\nIt was discovered that hostapd incorrectly handled obtaining random\nnumbers. In rare cases where the urandom device isn\u0027t available, it would\nfall back to using a low-quality PRNG. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10743)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n  hostapd                         2:2.6-18ubuntu1.1\n  wpasupplicant                   2:2.6-18ubuntu1.1\n\nUbuntu 18.04 LTS:\n  hostapd                         2:2.6-15ubuntu2.2\n  wpasupplicant                   2:2.6-15ubuntu2.2\n\nUbuntu 16.04 LTS:\n  hostapd                         2.4-0ubuntu6.4\n  wpasupplicant                   2.4-0ubuntu6.4\n\nUbuntu 14.04 LTS:\n  hostapd                         2.1-0ubuntu1.7\n  wpasupplicant                   2.1-0ubuntu1.7\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  https://usn.ubuntu.com/usn/usn-3944-1\n  CVE-2016-10743, CVE-2019-9495, CVE-2019-9497, CVE-2019-9498,\n  CVE-2019-9499\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/wpa/2:2.6-18ubuntu1.1\n  https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.2\n  https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.4\n  https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7\n. These vulnerability are also collectively\nknown as \"Dragonblood\". \n\nCVE-2019-9495\n\n    Cache-based side-channel attack against the EAP-pwd implementation: an\n    attacker able to run unprivileged code on the target machine (including for\n    example javascript code in a browser on a smartphone) during the handshake\n    could deduce enough information to discover the password in a dictionary\n    attack. \n\nCVE-2019-9498\n\n    EAP-pwd server missing commit validation for scalar/element: hostapd\n    doesn\u0027t validate values received in the EAP-pwd-Commit message, so an\n    attacker could use a specially crafted commit message to manipulate the\n    exchange in order for hostapd to derive a session key from a limited set of\n    possible values. \n\nCVE-2019-9499\n\n    EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant\n    doesn\u0027t validate values received in the EAP-pwd-Commit message, so an\n    attacker could use a specially crafted commit message to manipulate the\n    exchange in order for wpa_supplicant to derive a session key from a limited\n    set of possible values. This could result in an attacker being able to\n    complete authentication and operate as a rogue AP. \n\nNote that the Dragonblood moniker also applies to CVE-2019-9494 and\nCVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. SAE is not\nenabled in Debian stretch builds of wpa, which is thus not vulnerable by default. \n\nDue to the complexity of the backporting process, the fix for these\nvulnerabilities are partial. Users are advised to use strong passwords to\nprevent dictionary attacks or use a 2.7-based version from stretch-backports\n(version above 2:2.7+git20190128+0c1e29f-4). \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u3. \n\nWe recommend that you upgrade your wpa packages. \n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlyu2lQACgkQ3rYcyPpX\nRFtamggAlq8telLPhKzD1+Ns+Pci+Y+WkOAmUpn4XQ0TOmG18sDU1iS2xNHF+buA\nlXVKLp7zgE4VFJsclHAJXtp8anyo7YU99NzUcSF6vboRm3msifL4eE3S7IS9fAaH\n0WWCHwlHMf9IGHqBn9mkwiYySwlId8ps3lvoVV2EOB4wJqa4Y6d4YrqPyFzWop56\njKTlTcJqvQBUFo/y9In/sx8QgONhNwnNAKcrBfiVwn8QHuMRA4c4UJz+NN38ctyt\ndjA/zqT/uXwWhr8Mfl7J+rfdsC5TFPl45qr/gbmB7GRlU2la0dGJv/l0afbINrrG\nNoAgpOeMrwijIdDJ9vG6O3YVV6bIkg==OkO5\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-19:03.wpa                                        Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple vulnerabilities in hostapd and wpa_supplicant\n\nCategory:       contrib\nModule:         wpa\nAnnounced:      2019-05-14\nAffects:        All supported versions of FreeBSD. \nCorrected:      2019-05-01 01:42:38 UTC (stable/12, 12.0-STABLE)\n                2019-05-14 22:57:29 UTC (releng/12.0, 12.0-RELEASE-p4)\n                2019-05-01 01:43:17 UTC (stable/11, 11.2-STABLE)\n                2019-05-14 22:59:32 UTC (releng/11.2, 11.2-RELEASE-p10)\nCVE Name:       CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497,\n                CVE-2019-9498, CVE-2019-9499, CVE-2019-11555\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nWi-Fi Protected Access II (WPA2) is a security protocol developed by the\nWi-Fi Alliance to secure wireless computer networks. \n\nhostapd(8) and wpa_supplicant(8) are implementations of user space daemon for\naccess points and wireless client that implements the WPA2 protocol. \n\nII.  Problem Description\n\nMultiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8)\nimplementations.  For more details, please see the reference URLs in the\nReferences section below. \n\nIII. Impact\n\nSecurity of the wireless network may be compromised.  For more details,\nplease see the reference URLS in the References section below. \n\nIV.  Workaround\n\nNo workaround is available, but systems not using hostapd(8) or\nwpa_supplicant(8) are not affected. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nAfterwards, restart hostapd(8) or wpa_supplicant(8). \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nAfterwards, restart hostapd(8) or wpa_supplicant(8). \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 12.0]\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch.asc\n# gpg --verify wpa-12.patch.asc\n\n[FreeBSD 11.2]\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch.asc\n# gpg --verify wpa-11.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the applicable daemons, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/12/                                                        r346980\nreleng/12.0/                                                      r347587\nstable/11/                                                        r346981\nreleng/11.2/                                                      r347588\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://w1.fi/security/2019-1\u003e\n\u003cURL:https://w1.fi/security/2019-2\u003e\n\u003cURL:https://w1.fi/security/2019-3\u003e\n\u003cURL:https://w1.fi/security/2019-4\u003e\n\u003cURL:https://w1.fi/security/2019-5\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTrVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD\nMEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n\n5cLsaA/9EB577JYdYdwFCOQ6TiOVhyluLJzgrhG3aiXeBntj8ytkRjcXKnP0aega\n3G2R1do7pixVYUF52OWJwaNO3Hm+LHMngiOqujcLI+49ISI3T/APaU/D2dqmXVb8\nnN/Pd+0HDGj3R3MwyyHT8/3fX0pJ395vcQhYb61M6PUSrwr8uiBbILT57iCadZoL\nF4KOCvRv7I4EFWXvqngGfeohZbbeHPBga2DwuebWR/E/1uWrMKEOF2pvh4b6ZSN2\npdr7ZHMiL1cZt+p+2gwWoqDWyD93u2lTC7Gmo3Vom+meH7eaQ79obXEN541aiQ04\nCYhjkwuW5uNGUWCO/Xsfn5gqICeB1G5A/aBHQlAyVgUGia8jukL1jn3ga4AQgKrN\nh9aTmvrQs17PjMVtq81ZS0xm0ztW0Y6t2A9fRgGcnOOw+uy5tHMbJaKSMy8x97NT\ngUyXtoyu47tjjMrzsQcma2t6/+iCEDuW1P1LybSmv/v59gro9uveCdl0busgM9GS\nM5bpWK/qYQS1HYmYeTKMRynmD8ntRbflYoUP/SpijHsz+56rgyeJO12WyltyT32f\nj5fgnKaznW/UPtgmK0wnPIG9XEj3Nzs4C4cypO5t8OiuLEli4wRdb6MYlvEjq4la\nR3lnCzmTd9sg+K6cod2qWWSYdsdEwizcpQDp7M9lRqomiANLqJ4=\n=MXma\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9498"
      },
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "BID",
        "id": "108401"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160933"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9498"
      },
      {
        "db": "PACKETSTORM",
        "id": "152477"
      },
      {
        "db": "PACKETSTORM",
        "id": "152481"
      },
      {
        "db": "PACKETSTORM",
        "id": "152914"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9498",
        "trust": 3.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#871675",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU94228755",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-585",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152481",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0047",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1258",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2875",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4125",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1775",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "108401",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-160933",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9498",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "152477",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "152914",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160933"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9498"
      },
      {
        "db": "BID",
        "id": "108401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "PACKETSTORM",
        "id": "152477"
      },
      {
        "db": "PACKETSTORM",
        "id": "152481"
      },
      {
        "db": "PACKETSTORM",
        "id": "152914"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-585"
      }
    ]
  },
  "id": "VAR-201904-0381",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160933"
      }
    ],
    "trust": 0.725
  },
  "last_update_date": "2023-12-18T11:11:24.665000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WPA Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91397"
      },
      {
        "title": "Ubuntu Security Notice: wpa vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3944-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: src:wpa: multiples vulnerabilities in SAE and EAP-pwd code in wpa",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=39e042d68cbe59a677ae53b8328d282d"
      },
      {
        "title": "Debian Security Advisories: DSA-4430-1 wpa -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=81a56edb299848e0579a7dd950bd73ba"
      },
      {
        "title": "Brocade Security Advisories: BSA-2019-777",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=9f89054fc8bab7a9de83cce34e487404"
      },
      {
        "title": "Fortinet Security Advisories: Dragonblood vulnerabilities in WiFi WPA3 standard implementation",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-19-107"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-9498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-585"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160933"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9498"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.7,
        "url": "https://w1.fi/security/2019-4/"
      },
      {
        "trust": 2.4,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-19:03.wpa.asc"
      },
      {
        "trust": 1.9,
        "url": "https://wpa3.mathyvanhoef.com/"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/may/40"
      },
      {
        "trust": 1.8,
        "url": "https://www.synology.com/security/advisory/synology_sa_19_16"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/security/"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/security/2019-1/"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/security/2019-2/"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/security/2019-3/"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/hostapd/"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/cgit/hostap/log/"
      },
      {
        "trust": 1.6,
        "url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9498"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56obbojjskrtdgexzovfstp4hdsdblae/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/svmjofeybgxzlff5iolw67ssopkfejp3/"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9495"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9499"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9497"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56obbojjskrtdgexzovfstp4hdsdblae/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/svmjofeybgxzlff5iolw67ssopkfejp3/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tdozgr3t7fvo5jszwk2qpr7aofiejtiz/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9494"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9496"
      },
      {
        "trust": 0.8,
        "url": "https://w1.fi/wpa_supplicant/ "
      },
      {
        "trust": 0.8,
        "url": "https://freeradius.org/security/"
      },
      {
        "trust": 0.8,
        "url": "https://en.avm.de/service/current-security-notifications/"
      },
      {
        "trust": 0.8,
        "url": "https://www.lancom-systems.com/service-support/instant-help/general-security-information/"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/pull/8750"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tdozgr3t7fvo5jszwk2qpr7aofiejtiz/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9497"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9498"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9499"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9494"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9495"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9496"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu94228755/"
      },
      {
        "trust": 0.8,
        "url": "https://www.kb.cert.org/vuls/id/871675/"
      },
      {
        "trust": 0.8,
        "url": "https://w1.fi/wpa_supplicant/"
      },
      {
        "trust": 0.6,
        "url": "https://security-tracker.debian.org/tracker/dla-1867-1"
      },
      {
        "trust": 0.6,
        "url": "http://www.debian.org/security/2019/dsa-4430"
      },
      {
        "trust": 0.6,
        "url": "https://fortiguard.com/psirt/fg-ir-19-107"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0047/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4125/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/wpa-supplicant-four-vulnerabilities-29006"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152481/debian-security-advisory-4430-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/81182"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/78946"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2875/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1775/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699164"
      },
      {
        "trust": 0.3,
        "url": "https://w1.fi"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9497"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9498"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9499"
      },
      {
        "trust": 0.3,
        "url": "https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-19:03.wpa.asc"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699168"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699170"
      },
      {
        "trust": 0.3,
        "url": "https://usn.ubuntu.com/3944-1"
      },
      {
        "trust": 0.3,
        "url": "https://seclists.org/oss-sec/2019/q2/19"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/debian-cve-2019-9498"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3944-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.kb.cert.org/vuls/id/871675"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59995"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3944-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/wpa/2:2.6-18ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10743"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.4"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/wpa"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11555\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-19:03/wpa-11.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9494\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9497\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-19:03/wpa-12.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9499\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://w1.fi/security/2019-1\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://w1.fi/security/2019-4\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://w1.fi/security/2019-5\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://w1.fi/security/2019-2\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://w1.fi/security/2019-3\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-19:03/wpa-11.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9496\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-19:03.wpa.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9495\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9498\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-19:03/wpa-12.patch"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160933"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9498"
      },
      {
        "db": "BID",
        "id": "108401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "PACKETSTORM",
        "id": "152477"
      },
      {
        "db": "PACKETSTORM",
        "id": "152481"
      },
      {
        "db": "PACKETSTORM",
        "id": "152914"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-585"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160933"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9498"
      },
      {
        "db": "BID",
        "id": "108401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "PACKETSTORM",
        "id": "152477"
      },
      {
        "db": "PACKETSTORM",
        "id": "152481"
      },
      {
        "db": "PACKETSTORM",
        "id": "152914"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-585"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160933"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-9498"
      },
      {
        "date": "2019-04-10T00:00:00",
        "db": "BID",
        "id": "108401"
      },
      {
        "date": "2019-04-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "date": "2019-04-11T14:08:48",
        "db": "PACKETSTORM",
        "id": "152477"
      },
      {
        "date": "2019-04-11T14:10:46",
        "db": "PACKETSTORM",
        "id": "152481"
      },
      {
        "date": "2019-05-15T15:30:08",
        "db": "PACKETSTORM",
        "id": "152914"
      },
      {
        "date": "2019-04-17T14:29:04.010000",
        "db": "NVD",
        "id": "CVE-2019-9498"
      },
      {
        "date": "2019-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-585"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160933"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-9498"
      },
      {
        "date": "2019-04-10T00:00:00",
        "db": "BID",
        "id": "108401"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "date": "2023-11-07T03:13:41.157000",
        "db": "NVD",
        "id": "CVE-2019-9498"
      },
      {
        "date": "2020-11-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-585"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "152477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-585"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-585"
      }
    ],
    "trust": 0.6
  }
}

gsd-2019-9498

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-9498

Aliases

CVE-2019-9498

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-9498",
    "description": "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.",
    "id": "GSD-2019-9498",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-9498.html",
      "https://www.debian.org/security/2019/dsa-4430",
      "https://ubuntu.com/security/CVE-2019-9498"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-9498"
      ],
      "details": "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.",
      "id": "GSD-2019-9498",
      "modified": "2023-12-13T01:23:47.522884Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "AKA": "Dragonblood",
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2019-9498",
        "STATE": "PUBLIC",
        "TITLE": "The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "hostapd with EAP-pwd support",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "2.7",
                          "version_value": "2.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "wpa_supplicant with EAP-pwd support",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "2.7",
                          "version_value": "2.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "hostapd with SAE support",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "2.4",
                          "version_value": "2.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "wpa_supplicant with SAE support",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "2.4",
                          "version_value": "2.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Wi-Fi Alliance"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-346 Origin Validation Error"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://w1.fi/security/2019-4/",
            "refsource": "CONFIRM",
            "url": "https://w1.fi/security/2019-4/"
          },
          {
            "name": "https://www.synology.com/security/advisory/Synology_SA_19_16",
            "refsource": "CONFIRM",
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
          },
          {
            "name": "FEDORA-2019-d03bae77f5",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
          },
          {
            "name": "FEDORA-2019-f409af9fbe",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
          },
          {
            "name": "FEDORA-2019-eba1109acd",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
          },
          {
            "name": "FreeBSD-SA-19:03",
            "refsource": "FREEBSD",
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
          },
          {
            "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/May/40"
          },
          {
            "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
          },
          {
            "name": "openSUSE-SU-2020:0222",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.7",
                "versionStartIncluding": "2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.7",
                "versionStartIncluding": "2.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:synology:radius_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.1",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2019-9498"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://w1.fi/security/2019-4/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://w1.fi/security/2019-4/"
            },
            {
              "name": "FEDORA-2019-f409af9fbe",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
            },
            {
              "name": "FEDORA-2019-d03bae77f5",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
            },
            {
              "name": "FEDORA-2019-eba1109acd",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
            },
            {
              "name": "FreeBSD-SA-19:03",
              "refsource": "FREEBSD",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
            },
            {
              "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
              "refsource": "BUGTRAQ",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/40"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_16",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
            },
            {
              "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
            },
            {
              "name": "openSUSE-SU-2020:0222",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-10-22T17:15Z",
      "publishedDate": "2019-04-17T14:29Z"
    }
  }
}

ghsa-vv3p-4cq3-5ppc

Vulnerability from github

Published

2022-05-13 01:14

Modified

2022-05-13 01:14

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-9498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-17T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.",
  "id": "GHSA-vv3p-4cq3-5ppc",
  "modified": "2022-05-13T01:14:20Z",
  "published": "2022-05-13T01:14:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9498"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/40"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
    },
    {
      "type": "WEB",
      "url": "https://w1.fi/security/2019-4"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-9498

Vulnerability from cvelistv5

CVE-2019-9498

Vulnerability from fkie_nvd

var-201904-0381

Vulnerability from variot

wpa vulnerabilities

freebsd-update fetch

freebsd-update install

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch.asc

gpg --verify wpa-12.patch.asc

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch.asc

gpg --verify wpa-11.patch.asc

cd /usr/src

patch < /path/to/patch

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

gsd-2019-9498

Vulnerability from gsd

ghsa-vv3p-4cq3-5ppc

Vulnerability from github

Tags

Sightings

Nomenclature