PT-2024-3664 · Unknown · Ieee 802.11
Héloïse Gollier +2 · Published 2024-05-15 · Updated 2025-08-25 · CVE-2023-52424
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IEEE 802.11 standard (affected versions not specified)
Description
The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and the SSID is not exchanged in protected form during the 4-way handshake. The problem affects all operating systems and Wi-Fi clients, including home and mesh networks based on WEP, WPA3, 802.1X/EAP, and AMPE protocols. No estimate of the number of potentially affected devices worldwide is given, but the issue is implied to be widespread, affecting billions of devices. There is no information about real-world incidents in which this issue was exploited.
Technical details about exploitation include:
- API Endpoints: Not specified
- Vulnerable Parameters or Variables: SSID (network identifier)
- Function Names: Not specified
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability. Proposed mitigations include updating the Wi-Fi standard to include the SSID in the 4-way handshake when connecting to protected networks, and improving beacon protection. As a temporary workaround, avoid reusing credentials across networks and be cautious when connecting to Wi-Fi networks.
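The derivation behind the description and the proposed fix, as an added example (not part of the original advisory): the standard pairwise-key PRF takes the PMK, both MAC addresses and both nonces but no SSID, so when the PMK is also SSID-independent both sides agree on keys whatever network name the client believes it joined. The `ssid` parameter that mixes the name into the PRF context is an assumption modelling the proposed mitigation, and all keys, addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, context: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1(key, label || 0x00 || context || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + context + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce, ssid=None):
    """48-byte CCMP PTK (KCK | KEK | TK).

    ssid=None is the standard derivation, which has no SSID input.
    Passing ssid appends it to the PRF context: an illustrative model of
    the proposed mitigation, not text from the standard.
    """
    context = (min(aa, spa) + max(aa, spa) +
               min(anonce, snonce) + max(anonce, snonce))
    if ssid is not None:
        context += ssid
    return prf(pmk, b"Pairwise key expansion", context, 48)

def mic(ptk: bytes, frame: bytes) -> bytes:
    """Handshake MIC (HMAC-SHA1-128) keyed with the KCK, PTK bytes 0..15."""
    return hmac.new(ptk[:16], frame, hashlib.sha1).digest()[:16]

def handshake_accepts(pmk, aa, spa, anonce, snonce,
                      client_ssid, ap_ssid, bind_ssid):
    """True if both sides derive matching keys, so the handshake MIC verifies."""
    frame = b"constructed EAPOL-Key frame"  # stand-in for the real frame body
    c_ssid = client_ssid if bind_ssid else None
    a_ssid = ap_ssid if bind_ssid else None
    c_ptk = derive_ptk(pmk, aa, spa, anonce, snonce, c_ssid)
    a_ptk = derive_ptk(pmk, aa, spa, anonce, snonce, a_ssid)
    return hmac.compare_digest(mic(c_ptk, frame), mic(a_ptk, frame))

# Constructed sample values; the PMK stands for one not derived from the SSID.
PMK = hashlib.sha256(b"constructed SSID-independent PMK").digest()
AA, SPA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = b"\xa5" * 32, b"\x5a" * 32

if __name__ == "__main__":
    for bind in (False, True):
        ok = handshake_accepts(PMK, AA, SPA, ANONCE, SNONCE,
                               b"TrustedNet", b"OtherNet", bind)
        print(f"SSID bound into PTK: {bind!s:5}  handshake completes: {ok}")
```

Without the binding the handshake completes even though the two sides disagree on the network name; with it, the MIC check fails and the client can refuse the connection.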
Affected Products
Ieee 802.11