Описание
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.
Ссылки
- ExploitThird Party Advisory
- Product
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Product
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.0.0 (включая) до 4.0.0 (включая)Версия от 2.2.0 (включая) до 3.1.0 (включая)
Одно из
cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*
cpe:2.3:a:espressif:esp8266_nonos_sdk:*:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00077
Низкий
8.1 High
CVSS3
4.8 Medium
CVSS2
Дефекты
CWE-327
Связанные уязвимости
github
больше 3 лет назад
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.
EPSS
Процентиль: 23%
0.00077
Низкий
8.1 High
CVSS3
4.8 Medium
CVSS2
Дефекты
CWE-327