Vulnerability Details : CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Vulnerability category: BypassGain privilege
Published 2019-04-17 14:29:04
Updated 2019-05-15 22:29:02
Source CERT/CC
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2019-9497

Probability of exploitation activity in the next 30 days: 1.21%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-9497

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
6.8
 MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
 nvd@nist.gov
8.1
 HIGH CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.2
5.9
 nvd@nist.gov

CWE ids for CVE-2019-9497

  • When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
    Assigned by: nvd@nist.gov (Primary)
  • Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.
    Assigned by: cret@cert.org (Secondary)

References for CVE-2019-9497

Products affected by CVE-2019-9497

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close