CVE-2019-5061

EUVD-2019-14668
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
talosCNA
7.4 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
w1.fihostapd
2.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wpa
bookworm
2:2.10-12+deb12u2
fixed
bookworm (security)
2:2.10-12+deb12u2
fixed
bullseye
2:2.9.0-21+deb11u2
fixed
bullseye (security)
2:2.9.0-21+deb11u2
fixed
sid
2:2.10-22
fixed
trixie
2:2.10-22
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wpa
bionic
needs-triage
disco
ignored
eoan
ignored
focal
needs-triage
groovy
ignored
hirsute
Fixed 2:2.9.0-20build1
released
impish
Fixed 2:2.9.0-20build1
released
jammy
Fixed 2:2.9.0-20build1
released
kinetic
Fixed 2:2.9.0-20build1
released
lunar
Fixed 2:2.9.0-20build1
released
mantic
Fixed 2:2.9.0-20build1
released
noble
Fixed 2:2.9.0-20build1
released
trusty
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849