Description
The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop, Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake.
A flaw was found in the IEEE 802.11 standard. This vulnerability possibly allows an adversary to trick a victim into connecting to an unintended or untrusted network because the SSID is not always used to derive the pairwise master key or session keys and because there is not a protected exchange of an SSID during a 4-way handshake.
Report
This vulnerability affects networks using the WEP, WPA3 SAE-loop, 802.1X/EAP, FILS, and Mesh AMPE authentication protocols. It arises from a design flaw in the IEEE 802.11 WiFi standard that allows attackers to trick victims into connecting to less secure networks and intercept their traffic. This significantly impacts Confidentiality, as sensitive data can be intercepted. Integrity is compromised because attackers can alter intercepted data. Availability is also affected, as the attack exploits the auto-disconnect feature in certain VPN clients, causing the VPN to disable when the device connects to a predefined “trusted” WiFi network, leaving the user unprotected. The impact is Moderate because of the attack's limitations: the credentials of the valid WiFi network and the malicious one must be the same.
Mitigation
Avoid Credential Reuse: One of the key recommendations is to avoid reusing credentials across different SSIDs. Each network should have unique credentials to prevent attackers from easily setting up rogue networks with matching authentication details.
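One way to audit a client for the credential reuse described above, as an added example (not part of the advisory or any vendor tooling): it parses a wpa_supplicant.conf-style file and reports SSIDs whose network blocks carry identical credentials. The sample configuration, SSIDs and passwords are constructed, and quoted string values are assumed.

```python
import re
from collections import defaultdict

# Constructed sample wpa_supplicant.conf content (not from the advisory).
SAMPLE_CONF = '''
network={
    ssid="CorpNet"
    key_mgmt=WPA-EAP
    identity="alice"
    password="example-password-1"
}
network={
    ssid="CorpGuest"
    key_mgmt=WPA-EAP
    identity="alice"
    password="example-password-1"
}
network={
    ssid="HomeNet"
    key_mgmt=SAE
    sae_password="example-password-2"
}
'''
# wpa_supplicant.conf fields that hold authentication material.
CRED_FIELDS = ("psk", "sae_password", "wep_key0", "identity", "password")

def parse_networks(text):
    """Return one dict of key/value settings per network={...} block."""
    networks = []
    for block in re.findall(r"network=\{(.*?)\n\s*\}", text, re.S):
        settings = {}
        for line in block.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                settings[key.strip()] = value.strip().strip('"')
        networks.append(settings)
    return networks

def shared_credentials(text):
    """Return sorted SSID lists for credentials used by more than one SSID."""
    by_cred = defaultdict(set)
    for net in parse_networks(text):
        cred = tuple((f, net[f]) for f in CRED_FIELDS if f in net)
        if cred and "ssid" in net:
            by_cred[cred].add(net["ssid"])
    return sorted(sorted(ssids) for ssids in by_cred.values() if len(ssids) > 1)

if __name__ == "__main__":
    print(shared_credentials(SAMPLE_CONF))
```

Each reported group is a set of SSIDs that should be given distinct credentials.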
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | hostapd | Not affected | | |
| Red Hat Enterprise Linux 10 | linux-firmware | Not affected | | |
| Red Hat Enterprise Linux 10 | NetworkManager | Not affected | | |
| Red Hat Enterprise Linux 10 | wpa_supplicant | Not affected | | |
| Red Hat Enterprise Linux 6 | NetworkManager | Out of support scope | | |
| Red Hat Enterprise Linux 6 | wpa_supplicant | Out of support scope | | |
| Red Hat Enterprise Linux 7 | linux-firmware | Will not fix | | |
| Red Hat Enterprise Linux 7 | NetworkManager | Not affected | | |
| Red Hat Enterprise Linux 7 | wpa_supplicant | Will not fix | | |
| Red Hat Enterprise Linux 8 | hostapd | Will not fix | | |
Additional information
Status:
EPSS:
CVSS3: 7.4 High
Related vulnerabilities
A vulnerability in the implementation of the IEEE 802.11 Wi-Fi standard, related to insufficient protection of service data when processing the SSID identifier, that allows an attacker to intercept traffic by spoofing an access point