CVE-2019-9498
moderate-risk
Published 2019-04-17
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Do I need to act?
~
1.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
NETWORK
/ HIGH complexity
Affected Products (20)
References (18)
Mailing List
https://seclists.org/bugtraq/2019/May/40
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_16
Mailing List
https://seclists.org/bugtraq/2019/May/40
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_16
49
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
4/34 · Minimal
Exposure
21/34 · High