CVE-2015-5310

The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
googleandroid
4.4.4
googleandroid
5.0
googleandroid
5.1.1
googleandroid
6.0
googleandroid
6.0.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wpa
bullseye (security)
2:2.9.0-21+deb11u2
fixed
bullseye
2:2.9.0-21+deb11u2
fixed
wheezy
not-affected
bookworm
2:2.10-12+deb12u2
fixed
bookworm (security)
2:2.10-12+deb12u2
fixed
sid
2:2.10-22
fixed
trixie
2:2.10-22
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wpa
wily
Fixed 2.4-0ubuntu3.2
released
vivid
Fixed 2.1-0ubuntu7.3
released
trusty
Fixed 2.1-0ubuntu1.4
released
precise
dne
wpasupplicant
wily
dne
vivid
dne
trusty
dne
precise
not-affected
Common Weakness Enumeration
References
http://source.android.com/security/bulletin/2016-01-01.html
http://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
http://www.debian.org/security/2015/dsa-3397
http://www.openwall.com/lists/oss-security/2015/11/10/9
http://www.securityfocus.com/bid/77541
http://www.securitytracker.com/id/1034592
http://www.ubuntu.com/usn/USN-2808-1
http://source.android.com/security/bulletin/2016-01-01.html
http://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
http://www.debian.org/security/2015/dsa-3397
http://www.openwall.com/lists/oss-security/2015/11/10/9
http://www.securityfocus.com/bid/77541
http://www.securitytracker.com/id/1034592
http://www.ubuntu.com/usn/USN-2808-1