cve-2019-9497

Vulnerability from cvelistv5

Published

2019-04-17 13:31

Modified

2024-08-04 21:54

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
cret@cert.org	http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html
cret@cert.org	https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
cret@cert.org	https://seclists.org/bugtraq/2019/May/40
cret@cert.org	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
cret@cert.org	https://w1.fi/security/2019-4/	Patch, Vendor Advisory
cret@cert.org	https://www.synology.com/security/advisory/Synology_SA_19_16
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/May/40
af854a3a-2127-422b-91ae-364da2661108	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
af854a3a-2127-422b-91ae-364da2661108	https://w1.fi/security/2019-4/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/security/advisory/Synology_SA_19_16

Impacted products

Vendor

Product

Version

▼

Wi-Fi Alliance

hostapd with EAP-pwd support

Version: 2.7 <

Wi-Fi Alliance	wpa_supplicant with EAP-pwd support	Version: 2.7 <
Wi-Fi Alliance	hostapd with SAE support	Version: 2.4 <
Wi-Fi Alliance	wpa_supplicant with SAE support	Version: 2.4 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:54:44.151Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://w1.fi/security/2019-4/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
          },
          {
            "name": "FEDORA-2019-d03bae77f5",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
          },
          {
            "name": "FEDORA-2019-f409af9fbe",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
          },
          {
            "name": "FEDORA-2019-eba1109acd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
          },
          {
            "name": "FreeBSD-SA-19:03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
          },
          {
            "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/40"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
          },
          {
            "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
          },
          {
            "name": "openSUSE-SU-2020:0222",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hostapd with EAP-pwd support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.7",
              "status": "affected",
              "version": "2.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "wpa_supplicant with EAP-pwd support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.7",
              "status": "affected",
              "version": "2.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "hostapd with SAE support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.4",
              "status": "affected",
              "version": "2.4",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "wpa_supplicant with SAE support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.4",
              "status": "affected",
              "version": "2.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-301",
              "description": "CWE-301",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-16T00:06:12",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://w1.fi/security/2019-4/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
        },
        {
          "name": "FEDORA-2019-d03bae77f5",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
        },
        {
          "name": "FEDORA-2019-f409af9fbe",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
        },
        {
          "name": "FEDORA-2019-eba1109acd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
        },
        {
          "name": "FreeBSD-SA-19:03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
        },
        {
          "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/40"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
        },
        {
          "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
        },
        {
          "name": "openSUSE-SU-2020:0222",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit",
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Dragonblood",
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2019-9497",
          "STATE": "PUBLIC",
          "TITLE": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "hostapd with EAP-pwd support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.7",
                            "version_value": "2.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "wpa_supplicant with EAP-pwd support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.7",
                            "version_value": "2.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "hostapd with SAE support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.4",
                            "version_value": "2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "wpa_supplicant with SAE support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.4",
                            "version_value": "2.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Wi-Fi Alliance"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-301"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://w1.fi/security/2019-4/",
              "refsource": "CONFIRM",
              "url": "https://w1.fi/security/2019-4/"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_16",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
            },
            {
              "name": "FEDORA-2019-d03bae77f5",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
            },
            {
              "name": "FEDORA-2019-f409af9fbe",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
            },
            {
              "name": "FEDORA-2019-eba1109acd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
            },
            {
              "name": "FreeBSD-SA-19:03",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
            },
            {
              "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/40"
            },
            {
              "name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
            },
            {
              "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
            },
            {
              "name": "openSUSE-SU-2020:0222",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2019-9497",
    "datePublished": "2019-04-17T13:31:08",
    "dateReserved": "2019-03-01T00:00:00",
    "dateUpdated": "2024-08-04T21:54:44.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.4\", \"matchCriteriaId\": \"552340BD-4450-4767-BDB3-44FF526BD4ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.5\", \"versionEndIncluding\": \"2.7\", \"matchCriteriaId\": \"2A9FD3E6-61E9-4F50-8077-DDC07F2CC46D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.4\", \"matchCriteriaId\": \"068DF041-070A-4483-98A7-3FA2E245344F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.5\", \"versionEndIncluding\": \"2.7\", \"matchCriteriaId\": \"922FB3CB-715B-425D-A5DA-E6A50E6D174F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\"}, {\"lang\": \"es\", \"value\": \"Las implementaciones de EAP-PWD en hostapd en EAP Server y wpa_supplicant en EAP Peer, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. Esta vulnerabilidad puede permitir que un atacante complete la identificaci\\u00f3n EAP-PWD sin conocer la contrase\\u00f1a. Sin embargo, a menos que la biblioteca criptogr\\u00e1fica no implemente comprobaciones adicionales para el punto EC, el atacante no podr\\u00e1 derivar la clave de sesi\\u00f3n o completar el intercambio de claves. Tanto hostapd con soporte SAE como wpa_supplicant con soporte SAE anterior e incluyendo la versi\\u00f3n 2.4 son  impactados. Tanto hostapd con soporte EAP-pwd como wpa_supplicant con soporte EAP-pwd anterior y con la versi\\u00f3n 2.7 est\\u00e1n afectaos.\"}]",
      "id": "CVE-2019-9497",
      "lastModified": "2024-11-21T04:51:44.057",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-04-17T14:29:03.963",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/40\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://w1.fi/security/2019-4/\", \"source\": \"cret@cert.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_16\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/40\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://w1.fi/security/2019-4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-301\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-9497\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2019-04-17T14:29:03.963\",\"lastModified\":\"2024-11-21T04:51:44.057\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.\"},{\"lang\":\"es\",\"value\":\"Las implementaciones de EAP-PWD en hostapd en EAP Server y wpa_supplicant en EAP Peer, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. Esta vulnerabilidad puede permitir que un atacante complete la identificaci\u00f3n EAP-PWD sin conocer la contrase\u00f1a. Sin embargo, a menos que la biblioteca criptogr\u00e1fica no implemente comprobaciones adicionales para el punto EC, el atacante no podr\u00e1 derivar la clave de sesi\u00f3n o completar el intercambio de claves. Tanto hostapd con soporte SAE como wpa_supplicant con soporte SAE anterior e incluyendo la versi\u00f3n 2.4 son  impactados. Tanto hostapd con soporte EAP-pwd como wpa_supplicant con soporte EAP-pwd anterior y con la versi\u00f3n 2.7 est\u00e1n afectaos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-301\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.4\",\"matchCriteriaId\":\"552340BD-4450-4767-BDB3-44FF526BD4ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5\",\"versionEndIncluding\":\"2.7\",\"matchCriteriaId\":\"2A9FD3E6-61E9-4F50-8077-DDC07F2CC46D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.4\",\"matchCriteriaId\":\"068DF041-070A-4483-98A7-3FA2E245344F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5\",\"versionEndIncluding\":\"2.7\",\"matchCriteriaId\":\"922FB3CB-715B-425D-A5DA-E6A50E6D174F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/40\",\"source\":\"cret@cert.org\"},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\",\"source\":\"cret@cert.org\"},{\"url\":\"https://w1.fi/security/2019-4/\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_16\",\"source\":\"cret@cert.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/40\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://w1.fi/security/2019-4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-fvg7-p9r8-pcrj

Vulnerability from github

Published

2022-05-14 01:01

Modified

2022-05-14 01:01

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-9497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-17T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.",
  "id": "GHSA-fvg7-p9r8-pcrj",
  "modified": "2022-05-14T01:01:38Z",
  "published": "2022-05-14T01:01:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9497"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/40"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
    },
    {
      "type": "WEB",
      "url": "https://w1.fi/security/2019-4"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. WPA3 Protocol and hostapd When wpa_supplicant There are multiple vulnerabilities in the implementation of, and a remote attacker can obtain weak password information and privileges, as well as disrupt service operations. (DoS) An attack may be carried out. These vulnerabilities "Dragonblood" It is called. CERT/CC Then continue WPA3 The protocol is being verified. Discovered this time WPA3 Vulnerabilities related to the implementation of can be attributed to the protocol specification itself. WPA3 Is a key exchange protocol, Simultaneous Authentication of Equals (SAE) Is adopted. this is "Dragonfly Key Exchange" It is also called WPA2 In Pre-Shared Key (PSK) Acts as a protocol replacement. hostapd Is WPA3 Access point and authentication server daemon is. Also, wpa_supplicant Is WPA authenticator ( access point ) Implemented key exchange with supplicant ( client ) And WPA3 Is supported. hostapd When wpa_supplicant Both Extensible Authentication Protocol Password (EAP-PWD) When SAE Has the following vulnerabilities: Elliptic curve crypto group (ECC groups) Against SAE Cache-based attacks (SAE Side channel attack ) (CWE-208, CWE-524) - CVE-2019-9494 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to observable timing differences and cache access patterns. Elliptic curve crypto group (ECC groups) Against EAP-PWD Cache-based attack (EAP-PWD Side channel attack ) (CWE-524) - CVE-2019-9495 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to cache access patterns. SAE confirm Message validation is not performed during processing (CWE-642) - CVE-2019-9496 hostapd Process hostapd/AP When operating in mode SAE confirm Incomplete verification of message processing due to incorrect authentication sequence hostapd The process may end. EAP-PWD Peer In EAP-pwd-Commit Incorrect message validation (CWE-346) - CVE-2019-9499 wpa_supplicant (EAP Peer) In EAP-PWD In the implementation, the cryptographic library used for the build is EAP-pwd-Commit Message element value (EC point) If you do not implement the verification process for EAP-pwd-Commit Message scalar and element values are not validated.* A side-channel attack captures information that can be used to recover passwords - CVE-2019-9494 * A weak password is obtained by a dictionary attack - CVE-2019-9495 This attack requires the authority to install and execute applications. Memory access pattern analysis is possible by observing the shared cache. WPA is prone to multiple security weaknesses. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. These vulnerability are also collectively known as "Dragonblood".

CVE-2019-9495

Cache-based side-channel attack against the EAP-pwd implementation: an
attacker able to run unprivileged code on the target machine (including for
example javascript code in a browser on a smartphone) during the handshake
could deduce enough information to discover the password in a dictionary
attack.

CVE-2019-9498

EAP-pwd server missing commit validation for scalar/element: hostapd
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for hostapd to derive a session key from a limited set of
possible values.

CVE-2019-9499

EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant
doesn't validate values received in the EAP-pwd-Commit message, so an
attacker could use a specially crafted commit message to manipulate the
exchange in order for wpa_supplicant to derive a session key from a limited
set of possible values.

Note that the Dragonblood moniker also applies to CVE-2019-9494 and CVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. SAE is not enabled in Debian stretch builds of wpa, which is thus not vulnerable by default.

Due to the complexity of the backporting process, the fix for these vulnerabilities are partial. Users are advised to use strong passwords to prevent dictionary attacks or use a 2.7-based version from stretch-backports (version above 2:2.7+git20190128+0c1e29f-4).

For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u3.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlyu2lQACgkQ3rYcyPpX RFtamggAlq8telLPhKzD1+Ns+Pci+Y+WkOAmUpn4XQ0TOmG18sDU1iS2xNHF+buA lXVKLp7zgE4VFJsclHAJXtp8anyo7YU99NzUcSF6vboRm3msifL4eE3S7IS9fAaH 0WWCHwlHMf9IGHqBn9mkwiYySwlId8ps3lvoVV2EOB4wJqa4Y6d4YrqPyFzWop56 jKTlTcJqvQBUFo/y9In/sx8QgONhNwnNAKcrBfiVwn8QHuMRA4c4UJz+NN38ctyt djA/zqT/uXwWhr8Mfl7J+rfdsC5TFPl45qr/gbmB7GRlU2la0dGJv/l0afbINrrG NoAgpOeMrwijIdDJ9vG6O3YVV6bIkg==OkO5 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-19:03.wpa Security Advisory The FreeBSD Project

Topic: Multiple vulnerabilities in hostapd and wpa_supplicant

Category: contrib Module: wpa Announced: 2019-05-14 Affects: All supported versions of FreeBSD. Corrected: 2019-05-01 01:42:38 UTC (stable/12, 12.0-STABLE) 2019-05-14 22:57:29 UTC (releng/12.0, 12.0-RELEASE-p4) 2019-05-01 01:43:17 UTC (stable/11, 11.2-STABLE) 2019-05-14 22:59:32 UTC (releng/11.2, 11.2-RELEASE-p10) CVE Name: CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, CVE-2019-11555

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

Wi-Fi Protected Access II (WPA2) is a security protocol developed by the Wi-Fi Alliance to secure wireless computer networks.

hostapd(8) and wpa_supplicant(8) are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol.

II. Problem Description

Multiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8) implementations. For more details, please see the reference URLs in the References section below.

III. Impact

Security of the wireless network may be compromised. For more details, please see the reference URLS in the References section below.

IV. Workaround

No workaround is available, but systems not using hostapd(8) or wpa_supplicant(8) are not affected.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Afterwards, restart hostapd(8) or wpa_supplicant(8).

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

Afterwards, restart hostapd(8) or wpa_supplicant(8).

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 12.0]

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch.asc

gpg --verify wpa-12.patch.asc

[FreeBSD 11.2]

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch.asc

gpg --verify wpa-11.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart the applicable daemons, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/12/ r346980 releng/12.0/ r347587 stable/11/ r346981 releng/11.2/ r347588

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTrVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cLsaA/9EB577JYdYdwFCOQ6TiOVhyluLJzgrhG3aiXeBntj8ytkRjcXKnP0aega 3G2R1do7pixVYUF52OWJwaNO3Hm+LHMngiOqujcLI+49ISI3T/APaU/D2dqmXVb8 nN/Pd+0HDGj3R3MwyyHT8/3fX0pJ395vcQhYb61M6PUSrwr8uiBbILT57iCadZoL F4KOCvRv7I4EFWXvqngGfeohZbbeHPBga2DwuebWR/E/1uWrMKEOF2pvh4b6ZSN2 pdr7ZHMiL1cZt+p+2gwWoqDWyD93u2lTC7Gmo3Vom+meH7eaQ79obXEN541aiQ04 CYhjkwuW5uNGUWCO/Xsfn5gqICeB1G5A/aBHQlAyVgUGia8jukL1jn3ga4AQgKrN h9aTmvrQs17PjMVtq81ZS0xm0ztW0Y6t2A9fRgGcnOOw+uy5tHMbJaKSMy8x97NT gUyXtoyu47tjjMrzsQcma2t6/+iCEDuW1P1LybSmv/v59gro9uveCdl0busgM9GS M5bpWK/qYQS1HYmYeTKMRynmD8ntRbflYoUP/SpijHsz+56rgyeJO12WyltyT32f j5fgnKaznW/UPtgmK0wnPIG9XEj3Nzs4C4cypO5t8OiuLEli4wRdb6MYlvEjq4la R3lnCzmTd9sg+K6cod2qWWSYdsdEwizcpQDp7M9lRqomiANLqJ4= =MXma -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0380",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hostapd",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.5"
      },
      {
        "model": "hostapd",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.7"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "29"
      },
      {
        "model": "hostapd",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.4"
      },
      {
        "model": "wpa supplicant",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.5"
      },
      {
        "model": "wpa supplicant",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.7"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "28"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "30"
      },
      {
        "model": "wpa supplicant",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "w1 fi",
        "version": "2.4"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freeradius",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "",
        "scope": null,
        "trust": 0.8,
        "vendor": "multiple vendors",
        "version": null
      },
      {
        "model": "wpa supplicant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "w1 fi",
        "version": "0"
      },
      {
        "model": "hostapd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "w1 fi",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "db": "BID",
        "id": "108401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9497"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.7",
                "versionStartIncluding": "2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.7",
                "versionStartIncluding": "2.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9497"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Debian,security.freebsd.org",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-575"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-9497",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "JPCERT/CC",
            "availabilityImpact": "Partial",
            "baseScore": 7.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-002625",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-9497",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Adjacent Network",
            "author": "JPCERT/CC",
            "availabilityImpact": "Low",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-002625",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-9497",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "JPCERT/CC",
            "id": "JVNDB-2019-002625",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-575",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-9497",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-9497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-575"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. WPA3 Protocol and hostapd When wpa_supplicant There are multiple vulnerabilities in the implementation of, and a remote attacker can obtain weak password information and privileges, as well as disrupt service operations. (DoS) An attack may be carried out. These vulnerabilities \"Dragonblood\" It is called. CERT/CC Then continue WPA3 The protocol is being verified. Discovered this time WPA3 Vulnerabilities related to the implementation of can be attributed to the protocol specification itself. WPA3 Is a key exchange protocol, Simultaneous Authentication of Equals (SAE) Is adopted. this is \"Dragonfly Key Exchange\" It is also called WPA2 In Pre-Shared Key (PSK) Acts as a protocol replacement. hostapd Is WPA3 Access point and authentication server daemon is. Also, wpa_supplicant Is WPA authenticator ( access point ) Implemented key exchange with supplicant ( client ) And WPA3 Is supported. hostapd When wpa_supplicant Both Extensible Authentication Protocol Password (EAP-PWD) When SAE Has the following vulnerabilities: Elliptic curve crypto group (ECC groups) Against SAE Cache-based attacks (SAE Side channel attack ) (CWE-208, CWE-524) - CVE-2019-9494 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to observable timing differences and cache access patterns. Elliptic curve crypto group (ECC groups) Against EAP-PWD Cache-based attack (EAP-PWD Side channel attack ) (CWE-524) - CVE-2019-9495 hostapd When wpa_supplicant In SAE The implementation is vulnerable to side-channel attacks due to cache access patterns. SAE confirm Message validation is not performed during processing (CWE-642) - CVE-2019-9496 hostapd Process hostapd/AP When operating in mode SAE confirm Incomplete verification of message processing due to incorrect authentication sequence hostapd The process may end. EAP-PWD Peer In EAP-pwd-Commit Incorrect message validation (CWE-346) - CVE-2019-9499 wpa_supplicant (EAP Peer) In EAP-PWD In the implementation, the cryptographic library used for the build is EAP-pwd-Commit Message element value (EC point) If you do not implement the verification process for EAP-pwd-Commit Message scalar and element values are not validated.* A side-channel attack captures information that can be used to recover passwords - CVE-2019-9494 * A weak password is obtained by a dictionary attack - CVE-2019-9495 This attack requires the authority to install and execute applications. Memory access pattern analysis is possible by observing the shared cache. WPA is prone to multiple security weaknesses. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. These vulnerability are also collectively\nknown as \"Dragonblood\". \n\nCVE-2019-9495\n\n    Cache-based side-channel attack against the EAP-pwd implementation: an\n    attacker able to run unprivileged code on the target machine (including for\n    example javascript code in a browser on a smartphone) during the handshake\n    could deduce enough information to discover the password in a dictionary\n    attack. \n\nCVE-2019-9498\n\n    EAP-pwd server missing commit validation for scalar/element: hostapd\n    doesn\u0027t validate values received in the EAP-pwd-Commit message, so an\n    attacker could use a specially crafted commit message to manipulate the\n    exchange in order for hostapd to derive a session key from a limited set of\n    possible values. \n\nCVE-2019-9499\n\n    EAP-pwd peer missing commit validation for scalar/element: wpa_supplicant\n    doesn\u0027t validate values received in the EAP-pwd-Commit message, so an\n    attacker could use a specially crafted commit message to manipulate the\n    exchange in order for wpa_supplicant to derive a session key from a limited\n    set of possible values. \n\nNote that the Dragonblood moniker also applies to CVE-2019-9494 and\nCVE-2014-9496 which are vulnerabilities in the SAE protocol in WPA3. SAE is not\nenabled in Debian stretch builds of wpa, which is thus not vulnerable by default. \n\nDue to the complexity of the backporting process, the fix for these\nvulnerabilities are partial. Users are advised to use strong passwords to\nprevent dictionary attacks or use a 2.7-based version from stretch-backports\n(version above 2:2.7+git20190128+0c1e29f-4). \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u3. \n\nWe recommend that you upgrade your wpa packages. \n\nFor the detailed security status of wpa please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlyu2lQACgkQ3rYcyPpX\nRFtamggAlq8telLPhKzD1+Ns+Pci+Y+WkOAmUpn4XQ0TOmG18sDU1iS2xNHF+buA\nlXVKLp7zgE4VFJsclHAJXtp8anyo7YU99NzUcSF6vboRm3msifL4eE3S7IS9fAaH\n0WWCHwlHMf9IGHqBn9mkwiYySwlId8ps3lvoVV2EOB4wJqa4Y6d4YrqPyFzWop56\njKTlTcJqvQBUFo/y9In/sx8QgONhNwnNAKcrBfiVwn8QHuMRA4c4UJz+NN38ctyt\ndjA/zqT/uXwWhr8Mfl7J+rfdsC5TFPl45qr/gbmB7GRlU2la0dGJv/l0afbINrrG\nNoAgpOeMrwijIdDJ9vG6O3YVV6bIkg==OkO5\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-19:03.wpa                                        Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple vulnerabilities in hostapd and wpa_supplicant\n\nCategory:       contrib\nModule:         wpa\nAnnounced:      2019-05-14\nAffects:        All supported versions of FreeBSD. \nCorrected:      2019-05-01 01:42:38 UTC (stable/12, 12.0-STABLE)\n                2019-05-14 22:57:29 UTC (releng/12.0, 12.0-RELEASE-p4)\n                2019-05-01 01:43:17 UTC (stable/11, 11.2-STABLE)\n                2019-05-14 22:59:32 UTC (releng/11.2, 11.2-RELEASE-p10)\nCVE Name:       CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497,\n                CVE-2019-9498, CVE-2019-9499, CVE-2019-11555\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nWi-Fi Protected Access II (WPA2) is a security protocol developed by the\nWi-Fi Alliance to secure wireless computer networks. \n\nhostapd(8) and wpa_supplicant(8) are implementations of user space daemon for\naccess points and wireless client that implements the WPA2 protocol. \n\nII.  Problem Description\n\nMultiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8)\nimplementations.  For more details, please see the reference URLs in the\nReferences section below. \n\nIII. Impact\n\nSecurity of the wireless network may be compromised.  For more details,\nplease see the reference URLS in the References section below. \n\nIV.  Workaround\n\nNo workaround is available, but systems not using hostapd(8) or\nwpa_supplicant(8) are not affected. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nAfterwards, restart hostapd(8) or wpa_supplicant(8). \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nAfterwards, restart hostapd(8) or wpa_supplicant(8). \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 12.0]\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch.asc\n# gpg --verify wpa-12.patch.asc\n\n[FreeBSD 11.2]\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch\n# fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch.asc\n# gpg --verify wpa-11.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the applicable daemons, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/12/                                                        r346980\nreleng/12.0/                                                      r347587\nstable/11/                                                        r346981\nreleng/11.2/                                                      r347588\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://w1.fi/security/2019-1\u003e\n\u003cURL:https://w1.fi/security/2019-2\u003e\n\u003cURL:https://w1.fi/security/2019-3\u003e\n\u003cURL:https://w1.fi/security/2019-4\u003e\n\u003cURL:https://w1.fi/security/2019-5\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499\u003e\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTrVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD\nMEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n\n5cLsaA/9EB577JYdYdwFCOQ6TiOVhyluLJzgrhG3aiXeBntj8ytkRjcXKnP0aega\n3G2R1do7pixVYUF52OWJwaNO3Hm+LHMngiOqujcLI+49ISI3T/APaU/D2dqmXVb8\nnN/Pd+0HDGj3R3MwyyHT8/3fX0pJ395vcQhYb61M6PUSrwr8uiBbILT57iCadZoL\nF4KOCvRv7I4EFWXvqngGfeohZbbeHPBga2DwuebWR/E/1uWrMKEOF2pvh4b6ZSN2\npdr7ZHMiL1cZt+p+2gwWoqDWyD93u2lTC7Gmo3Vom+meH7eaQ79obXEN541aiQ04\nCYhjkwuW5uNGUWCO/Xsfn5gqICeB1G5A/aBHQlAyVgUGia8jukL1jn3ga4AQgKrN\nh9aTmvrQs17PjMVtq81ZS0xm0ztW0Y6t2A9fRgGcnOOw+uy5tHMbJaKSMy8x97NT\ngUyXtoyu47tjjMrzsQcma2t6/+iCEDuW1P1LybSmv/v59gro9uveCdl0busgM9GS\nM5bpWK/qYQS1HYmYeTKMRynmD8ntRbflYoUP/SpijHsz+56rgyeJO12WyltyT32f\nj5fgnKaznW/UPtgmK0wnPIG9XEj3Nzs4C4cypO5t8OiuLEli4wRdb6MYlvEjq4la\nR3lnCzmTd9sg+K6cod2qWWSYdsdEwizcpQDp7M9lRqomiANLqJ4=\n=MXma\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9497"
      },
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "BID",
        "id": "108401"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9497"
      },
      {
        "db": "PACKETSTORM",
        "id": "152481"
      },
      {
        "db": "PACKETSTORM",
        "id": "152914"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9497",
        "trust": 3.0
      },
      {
        "db": "PACKETSTORM",
        "id": "152914",
        "trust": 1.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#871675",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU94228755",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "152481",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0047",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1258",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4125",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1775",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-575",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "108401",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9497",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9497"
      },
      {
        "db": "BID",
        "id": "108401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "PACKETSTORM",
        "id": "152481"
      },
      {
        "db": "PACKETSTORM",
        "id": "152914"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-575"
      }
    ]
  },
  "id": "VAR-201904-0380",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.625
  },
  "last_update_date": "2023-12-18T10:50:06.185000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WPA Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91387"
      },
      {
        "title": "Ubuntu Security Notice: wpa vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3944-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: src:wpa: multiples vulnerabilities in SAE and EAP-pwd code in wpa",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=39e042d68cbe59a677ae53b8328d282d"
      },
      {
        "title": "Debian Security Advisories: DSA-4430-1 wpa -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=81a56edb299848e0579a7dd950bd73ba"
      },
      {
        "title": "Brocade Security Advisories: BSA-2019-777",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=9f89054fc8bab7a9de83cce34e487404"
      },
      {
        "title": "Fortinet Security Advisories: Dragonblood vulnerabilities in WiFi WPA3 standard implementation",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-19-107"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-9497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-575"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9497"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://w1.fi/security/2019-4/"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/152914/freebsd-security-advisory-freebsd-sa-19-03.wpa.html"
      },
      {
        "trust": 2.3,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-19:03.wpa.asc"
      },
      {
        "trust": 1.9,
        "url": "https://wpa3.mathyvanhoef.com/"
      },
      {
        "trust": 1.7,
        "url": "https://seclists.org/bugtraq/2019/may/40"
      },
      {
        "trust": 1.7,
        "url": "https://www.synology.com/security/advisory/synology_sa_19_16"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/security/"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/security/2019-1/"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/security/2019-2/"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/security/2019-3/"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/hostapd/"
      },
      {
        "trust": 1.6,
        "url": "https://w1.fi/cgit/hostap/log/"
      },
      {
        "trust": 1.6,
        "url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9497"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56obbojjskrtdgexzovfstp4hdsdblae/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/svmjofeybgxzlff5iolw67ssopkfejp3/"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9495"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56obbojjskrtdgexzovfstp4hdsdblae/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/svmjofeybgxzlff5iolw67ssopkfejp3/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tdozgr3t7fvo5jszwk2qpr7aofiejtiz/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9498"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9499"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9494"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9496"
      },
      {
        "trust": 0.8,
        "url": "https://w1.fi/wpa_supplicant/ "
      },
      {
        "trust": 0.8,
        "url": "https://freeradius.org/security/"
      },
      {
        "trust": 0.8,
        "url": "https://en.avm.de/service/current-security-notifications/"
      },
      {
        "trust": 0.8,
        "url": "https://www.lancom-systems.com/service-support/instant-help/general-security-information/"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/pull/8750"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9497"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9498"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9499"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9494"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9495"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9496"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu94228755/"
      },
      {
        "trust": 0.8,
        "url": "https://www.kb.cert.org/vuls/id/871675/"
      },
      {
        "trust": 0.8,
        "url": "https://w1.fi/wpa_supplicant/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tdozgr3t7fvo5jszwk2qpr7aofiejtiz/"
      },
      {
        "trust": 0.6,
        "url": "http://www.debian.org/security/2019/dsa-4430"
      },
      {
        "trust": 0.6,
        "url": "https://fortiguard.com/psirt/fg-ir-19-107"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0047/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4125/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/wpa-supplicant-four-vulnerabilities-29006"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152481/debian-security-advisory-4430-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/81182"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/78946"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1775/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699164"
      },
      {
        "trust": 0.3,
        "url": "https://w1.fi"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9497"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9498"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9499"
      },
      {
        "trust": 0.3,
        "url": "https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-19:03.wpa.asc"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699168"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699170"
      },
      {
        "trust": 0.3,
        "url": "https://usn.ubuntu.com/3944-1"
      },
      {
        "trust": 0.3,
        "url": "https://seclists.org/oss-sec/2019/q2/19"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/debian-cve-2019-9497"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3944-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.kb.cert.org/vuls/id/871675"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/wpa"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11555\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-19:03/wpa-11.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9494\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9497\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-19:03/wpa-12.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9499\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://w1.fi/security/2019-1\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://w1.fi/security/2019-4\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://w1.fi/security/2019-5\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://w1.fi/security/2019-2\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://w1.fi/security/2019-3\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-19:03/wpa-11.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9496\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-19:03.wpa.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9495\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9498\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-19:03/wpa-12.patch"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9497"
      },
      {
        "db": "BID",
        "id": "108401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "PACKETSTORM",
        "id": "152481"
      },
      {
        "db": "PACKETSTORM",
        "id": "152914"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-575"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9497"
      },
      {
        "db": "BID",
        "id": "108401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "db": "PACKETSTORM",
        "id": "152481"
      },
      {
        "db": "PACKETSTORM",
        "id": "152914"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-575"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-9497"
      },
      {
        "date": "2019-04-10T00:00:00",
        "db": "BID",
        "id": "108401"
      },
      {
        "date": "2019-04-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "date": "2019-04-11T14:10:46",
        "db": "PACKETSTORM",
        "id": "152481"
      },
      {
        "date": "2019-05-15T15:30:08",
        "db": "PACKETSTORM",
        "id": "152914"
      },
      {
        "date": "2019-04-17T14:29:03.963000",
        "db": "NVD",
        "id": "CVE-2019-9497"
      },
      {
        "date": "2019-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-575"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#871675"
      },
      {
        "date": "2019-05-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-9497"
      },
      {
        "date": "2019-04-10T00:00:00",
        "db": "BID",
        "id": "108401"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002625"
      },
      {
        "date": "2023-11-07T03:13:41.063000",
        "db": "NVD",
        "id": "CVE-2019-9497"
      },
      {
        "date": "2020-11-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-575"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-575"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#871675"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-575"
      }
    ],
    "trust": 0.6
  }
}

gsd-2019-9497

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-9497

Aliases

CVE-2019-9497

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-9497",
    "description": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.",
    "id": "GSD-2019-9497",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-9497.html",
      "https://www.debian.org/security/2019/dsa-4430",
      "https://ubuntu.com/security/CVE-2019-9497"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-9497"
      ],
      "details": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.",
      "id": "GSD-2019-9497",
      "modified": "2023-12-13T01:23:47.280405Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "AKA": "Dragonblood",
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2019-9497",
        "STATE": "PUBLIC",
        "TITLE": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "hostapd with EAP-pwd support",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "2.7",
                          "version_value": "2.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "wpa_supplicant with EAP-pwd support",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "2.7",
                          "version_value": "2.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "hostapd with SAE support",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "2.4",
                          "version_value": "2.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "wpa_supplicant with SAE support",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "2.4",
                          "version_value": "2.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Wi-Fi Alliance"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-301"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://w1.fi/security/2019-4/",
            "refsource": "CONFIRM",
            "url": "https://w1.fi/security/2019-4/"
          },
          {
            "name": "https://www.synology.com/security/advisory/Synology_SA_19_16",
            "refsource": "CONFIRM",
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
          },
          {
            "name": "FEDORA-2019-d03bae77f5",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
          },
          {
            "name": "FEDORA-2019-f409af9fbe",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
          },
          {
            "name": "FEDORA-2019-eba1109acd",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
          },
          {
            "name": "FreeBSD-SA-19:03",
            "refsource": "FREEBSD",
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
          },
          {
            "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/May/40"
          },
          {
            "name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
          },
          {
            "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
          },
          {
            "name": "openSUSE-SU-2020:0222",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.7",
                "versionStartIncluding": "2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.7",
                "versionStartIncluding": "2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2019-9497"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://w1.fi/security/2019-4/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://w1.fi/security/2019-4/"
            },
            {
              "name": "FEDORA-2019-f409af9fbe",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
            },
            {
              "name": "FEDORA-2019-d03bae77f5",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
            },
            {
              "name": "FEDORA-2019-eba1109acd",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
            },
            {
              "name": "FreeBSD-SA-19:03",
              "refsource": "FREEBSD",
              "tags": [],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
            },
            {
              "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "https://seclists.org/bugtraq/2019/May/40"
            },
            {
              "name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_16",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
            },
            {
              "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
            },
            {
              "name": "openSUSE-SU-2020:0222",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-05-15T22:29Z",
      "publishedDate": "2019-04-17T14:29Z"
    }
  }
}

cve-2019-9497

Vulnerability from fkie_nvd

Published

2019-04-17 14:29

Modified

2024-11-21 04:51

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
cret@cert.org	http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html
cret@cert.org	https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
cret@cert.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
cret@cert.org	https://seclists.org/bugtraq/2019/May/40
cret@cert.org	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
cret@cert.org	https://w1.fi/security/2019-4/	Patch, Vendor Advisory
cret@cert.org	https://www.synology.com/security/advisory/Synology_SA_19_16
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/May/40
af854a3a-2127-422b-91ae-364da2661108	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
af854a3a-2127-422b-91ae-364da2661108	https://w1.fi/security/2019-4/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.synology.com/security/advisory/Synology_SA_19_16

Impacted products

Vendor	Product	Version
w1.fi	hostapd	*
w1.fi	hostapd	*
w1.fi	wpa_supplicant	*
w1.fi	wpa_supplicant	*
fedoraproject	fedora	28
fedoraproject	fedora	29
fedoraproject	fedora	30

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "552340BD-4450-4767-BDB3-44FF526BD4ED",
              "versionEndIncluding": "2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9FD3E6-61E9-4F50-8077-DDC07F2CC46D",
              "versionEndIncluding": "2.7",
              "versionStartIncluding": "2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "068DF041-070A-4483-98A7-3FA2E245344F",
              "versionEndIncluding": "2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "922FB3CB-715B-425D-A5DA-E6A50E6D174F",
              "versionEndIncluding": "2.7",
              "versionStartIncluding": "2.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
    },
    {
      "lang": "es",
      "value": "Las implementaciones de EAP-PWD en hostapd en EAP Server y wpa_supplicant en EAP Peer, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. Esta vulnerabilidad puede permitir que un atacante complete la identificaci\u00f3n EAP-PWD sin conocer la contrase\u00f1a. Sin embargo, a menos que la biblioteca criptogr\u00e1fica no implemente comprobaciones adicionales para el punto EC, el atacante no podr\u00e1 derivar la clave de sesi\u00f3n o completar el intercambio de claves. Tanto hostapd con soporte SAE como wpa_supplicant con soporte SAE anterior e incluyendo la versi\u00f3n 2.4 son  impactados. Tanto hostapd con soporte EAP-pwd como wpa_supplicant con soporte EAP-pwd anterior y con la versi\u00f3n 2.7 est\u00e1n afectaos."
    }
  ],
  "id": "CVE-2019-9497",
  "lastModified": "2024-11-21T04:51:44.057",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-17T14:29:03.963",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
    },
    {
      "source": "cret@cert.org",
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
    },
    {
      "source": "cret@cert.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
    },
    {
      "source": "cret@cert.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
    },
    {
      "source": "cret@cert.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
    },
    {
      "source": "cret@cert.org",
      "url": "https://seclists.org/bugtraq/2019/May/40"
    },
    {
      "source": "cret@cert.org",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://w1.fi/security/2019-4/"
    },
    {
      "source": "cret@cert.org",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/May/40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://w1.fi/security/2019-4/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-301"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2019-9497

Vulnerability from cvelistv5

ghsa-fvg7-p9r8-pcrj

Vulnerability from github

var-201904-0380

Vulnerability from variot

freebsd-update fetch

freebsd-update install

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-12.patch.asc

gpg --verify wpa-12.patch.asc

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch

fetch https://security.FreeBSD.org/patches/SA-19:03/wpa-11.patch.asc

gpg --verify wpa-11.patch.asc

cd /usr/src

patch < /path/to/patch

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

gsd-2019-9497

Vulnerability from gsd

cve-2019-9497

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature