Vulnerability Details : CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering an AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks or by causing traffic flapping if the attacker fakes clients that already exist in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Vulnerability category: Bypass, Gain privilege, Denial of service
Products affected by CVE-2019-5108
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* (Netapp E-series Santricity Os Controller, versions from 11.0.0 inclusive up to 11.70.1 inclusive)
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-5108
- 0.12%: Probability of exploitation activity in the next 30 days
- ~46%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-5108
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3 | LOW | AV:A/AC:L/Au:N/C:N/I:N/A:P | 6.5 | 2.9 | NIST | |
7.4 | HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 2.8 | 4.0 | Talos | |
6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2019-5108
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
- A feature, API, or function does not perform according to its specification. Assigned by: talos-cna@cisco.com (Secondary)
References for CVE-2019-5108
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
  [SECURITY] [DLA 2241-2] linux security update (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
  [SECURITY] [DLA 2241-1] linux security update (Mailing List; Third Party Advisory)
- https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
  kernel/git/torvalds/linux.git - Linux kernel source tree (Mailing List; Patch; Vendor Advisory)
- https://usn.ubuntu.com/4286-1/
  USN-4286-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
  [SECURITY] [DLA 2242-1] linux-4.9 security update (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/4287-2/
  USN-4287-2: Linux kernel (Azure) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://usn.ubuntu.com/4285-1/
  USN-4285-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20200204-0002/
  January 2020 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuApr2021.html
  Oracle Critical Patch Update Advisory - April 2021 (Patch; Third Party Advisory)
- https://usn.ubuntu.com/4287-1/
  USN-4287-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
  TALOS-2019-0900 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence (Exploit; Third Party Advisory)
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
  Kernel Live Patch Security Notice LSN-0063-1 ≈ Packet Storm (Third Party Advisory; VDB Entry)
- https://www.debian.org/security/2020/dsa-4698
  Debian -- Security Information -- DSA-4698-1 linux (Third Party Advisory)
- https://usn.ubuntu.com/4286-2/
  USN-4286-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)