CVE-2019-16275

moderate-risk

Published 2019-09-12

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.

Do I need to act?

0.50% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (9)

Hostapd

Wpa Supplicant

Debian Linux

Ubuntu Linux

Affected Vendors

Debian Canonical W1.Fi

References (28)

Mailing List http://www.openwall.com/lists/oss-security/2019/09/12/6

Mailing List https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Mailing List https://seclists.org/bugtraq/2019/Sep/56

Third Party Advisory https://usn.ubuntu.com/4136-1/

Third Party Advisory https://usn.ubuntu.com/4136-2/

Patch https://w1.fi/security/2019-7/

Mitigation https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt

Third Party Advisory https://www.debian.org/security/2019/dsa-4538

Mailing List https://www.openwall.com/lists/oss-security/2019/09/11/7

Mailing List http://www.openwall.com/lists/oss-security/2019/09/12/6

Mailing List https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

and 8 more references

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 2/34 · Minimal

Exposure 15/34 · Moderate