Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-9494

Опубликовано: 17 апр. 2019
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*
Версия до 2.7 (включая)
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*
Версия до 2.7 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:synology:radius_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*
Версия до 1.2.3-8087 (исключая)
Конфигурация 5

Одно из

cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*

EPSS

Процентиль: 80%
0.01446
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-208
CWE-203

Связанные уязвимости

ubuntu логотип

CVE-2019-9494

CVSS3: 5.9
ubuntu
почти 7 лет назад

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

redhat логотип

CVE-2019-9494

CVSS3: 7
redhat
почти 7 лет назад

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

debian логотип

CVE-2019-9494

CVSS3: 5.9
debian
почти 7 лет назад

The implementations of SAE in hostapd and wpa_supplicant are vulnerabl ...

github логотип

GHSA-cvqc-p7v4-m9pm

CVSS3: 5.9
github
больше 3 лет назад

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

fstec логотип

BDU:2021-05846

CVSS3: 5.9
fstec
почти 7 лет назад

Уязвимость реализации SAE функции wpa_supplicant сертификации устройств беспроводной связи WPA, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 80%
0.01446
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-208
CWE-203