Vulnerability in Wi-fi Alliance Hostapd With Sae Support
CVE-2019-9496
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerabl…
EPSS: 0.049 (89.8th percentile) — read the EPSS interpretation.
Affected products
- Wi-fi Alliance Hostapd With Sae Support — versions 2.7
- Wi-fi Alliance Wpa_supplicant With Sae Support — versions 2.7
Weakness classification (CWE)
References
- w1.fi/security/2019-3/ (x_refsource_CONFIRM)
- www.synology.com/security/advisory/Synology_SA_19_16 (x_refsource_CONFIRM)
- FEDORA-2019-d03bae77f5 (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2019-f409af9fbe (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2019-eba1109acd (vendor-advisory, x_refsource_FEDORA)
- FreeBSD-SA-19:03 (vendor-advisory, x_refsource_FREEBSD)
- 20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa (mailing-list, x_refsource_BUGTRAQ)
- packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03… (x_refsource_MISC)
- openSUSE-SU-2020:0222 (vendor-advisory, x_refsource_SUSE)