CVE-2015-5310

EUVD-2015-5282
The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
googleandroid
4.4.4
googleandroid
5.0
googleandroid
5.1.1
googleandroid
6.0
googleandroid
6.0.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wpa
bookworm
2:2.10-12+deb12u2
fixed
bookworm (security)
2:2.10-12+deb12u2
fixed
bullseye
2:2.9.0-21+deb11u2
fixed
bullseye (security)
2:2.9.0-21+deb11u2
fixed
sid
2:2.10-22
fixed
trixie
2:2.10-22
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wpa
precise
dne
trusty
Fixed 2.1-0ubuntu1.4
released
vivid
Fixed 2.1-0ubuntu7.3
released
wily
Fixed 2.4-0ubuntu3.2
released
wpasupplicant
precise
not-affected
trusty
dne
vivid
dne
wily
dne
Common Weakness Enumeration
References
http://source.android.com/security/bulletin/2016-01-01.html
http://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
http://www.debian.org/security/2015/dsa-3397
http://www.openwall.com/lists/oss-security/2015/11/10/9
http://www.securityfocus.com/bid/77541
http://www.securitytracker.com/id/1034592
http://www.ubuntu.com/usn/USN-2808-1
http://source.android.com/security/bulletin/2016-01-01.html
http://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
http://www.debian.org/security/2015/dsa-3397
http://www.openwall.com/lists/oss-security/2015/11/10/9
http://www.securityfocus.com/bid/77541
http://www.securitytracker.com/id/1034592
http://www.ubuntu.com/usn/USN-2808-1