Описание
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
Ссылки
- MitigationPatchThird Party Advisory
- MitigationPatchThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplica ...
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
EPSS
9.8 Critical
CVSS3
6.8 Medium
CVSS2