Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2019-9497 | First vendor Publication | 2019-04-17 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 8.1 | ||
Base Score | 8.1 | Environmental Score | 8.1 |
impact SubScore | 5.9 | Temporal Score | 8.1 |
Exploitabality Sub Score | 2.2 | ||
Attack Vector | Network | Attack Complexity | High |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 13:36:57 |
|
2024-09-18 02:05:32 |
|
2023-11-07 21:40:13 |
|
2021-05-04 13:42:43 |
|
2021-04-22 02:54:22 |
|
2020-05-23 02:34:20 |
|
2019-08-01 12:06:40 |
|
2019-05-16 05:18:51 |
|
2019-05-15 21:19:37 |
|
2019-05-15 17:19:12 |
|
2019-05-15 09:19:22 |
|
2019-05-11 05:18:44 |
|
2019-05-01 21:19:06 |
|
2019-04-28 09:19:14 |
|
2019-04-24 05:19:05 |
|
2019-04-18 21:19:14 |
|
2019-04-17 21:19:26 |
|