CVE-2015-0210Improper Certificate Validation in WPA Supplicant

CWE-295Improper Certificate Validation6 documents5 sources
Severity
5.9MEDIUMNVD
EPSS
0.3%
top 46.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
W1.fi WPA Supplicant
Timeline
PublishedAug 28
Latest updateMay 17

Description

wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-4vg4-q9rf-r94r: wpa_supplicant 22022-05-17
CVEList
CVE-2015-0210: wpa_supplicant 22017-08-28

📋Vendor Advisories

1
Red Hat
wpa_supplicant: broken certificate subject check2015-01-28

💬Community

2
Bugzilla
CVE-2015-0210 Broken subject_match in wpa_supplicant2015-01-11
Bugzilla
CVE-2015-0210 wpa_supplicant: broken certificate subject check2015-01-05
CVE-2015-0210 — Improper Certificate Validation | cvebase