[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250053

 
 

909

 
 

195940

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-16275Date: (C)2019-09-18   (M)2023-12-22


hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.5CVSS Score : 3.3
Exploit Score: 2.8Exploit Score: 6.5
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: ADJACENT_NETWORKAccess Vector: ADJACENT_NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: HIGH 
  
Reference:
https://seclists.org/bugtraq/2019/Sep/56
DSA-4538
FEDORA-2019-0e0b28001d
FEDORA-2019-2265b5ae86
FEDORA-2019-2bdcccee3c
FEDORA-2019-65509aac53
FEDORA-2019-740834c559
USN-4136-1
USN-4136-2
https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html
http://www.openwall.com/lists/oss-security/2019/09/12/6
https://w1.fi/security/2019-7/
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
https://www.openwall.com/lists/oss-security/2019/09/11/7

CPE    6
cpe:/a:w1.fi:hostapd
cpe:/o:canonical:ubuntu_linux:12.04::~~esm~~~
cpe:/a:w1.fi:wpa_supplicant
cpe:/o:debian:debian_linux:8.0
...
CWE    1
CWE-346
OVAL    14
oval:org.secpod.oval:def:89002753
oval:org.secpod.oval:def:117444
oval:org.secpod.oval:def:117266
oval:org.secpod.oval:def:117322
...

© SecPod Technologies