PT-2018-3386 · Wpa Supplicant+6 · Wpa Supplicant+6

Publicado

2018-08-08

·

Atualizado

2024-06-15

·

CVE-2018-14526

CVSS v3.1

6.5

Média

VetorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: wpa supplicant versions 2.0 through 2.6
Description: An issue in wpa supplicant allows an attacker within range of the Access Point and client to abuse the vulnerability and recover sensitive information due to the lack of integrity check of EAPOL-Key messages. This can lead to a decryption oracle under certain conditions. The vulnerability is related to the EAP-PWD certification protocol for wireless communication devices and can be exploited by a remote attacker to cause a denial of service.
Recommendations: For wpa supplicant versions 2.0 through 2.6, consider updating to a version that includes a fix for this issue, as the current version lacks integrity checking for EAPOL-Key messages, making it vulnerable to decryption oracle attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-924

Identificadores relacionados

ALT-PU-2018-2919
BDU:2020-00733
CESA-2018_3107
CVE-2018-14526
DLA-1462-1
FREEBSD-SA-18_11
MGASA-2018-0348
OPENSUSE-SU-2018_3527-1
OPENSUSE-SU-2018_3539-1
OPENSUSE-SU-2019_1345-1
OPENSUSE-SU-2020:2053-1
OPENSUSE-SU-2020:2059-1
OPENSUSE-SU-2020_2053-1
OPENSUSE-SU-2020_2059-1
OPENSUSE-SU-2024:10846-1
OPENSUSE-SU-2024:11515-1
RHSA-2018:3107
RHSA-2018_3107
SUSE-SU-2018:3480-1
SUSE-SU-2018_3480-1
SUSE-SU-2019:1088-1
SUSE-SU-2019_1088-1
SUSE-SU-2020:3380-1
SUSE-SU-2020:3424-1
SUSE-SU-2022:1853-1
USN-3745-1

Produtos afetados

Alt Linux
Centos
Freebsd
Red Hat
Suse
Ubuntu
Wpa Supplicant