cbcvebase.
CVE-2015-5310
published 2016-01-06

CVE-2015-5310: The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not…

PriorityP422medium4.3CVSS 3.0
AVAACLPRNUINSUCLINAN
EPSS
1.17%
63.4th percentile
The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianwpa< wpa 2.3-2.3 (bookworm)wpa 2.3-2.3 (bookworm)
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid
googleandroid

CVSS provenance

nvdv3.04.3MEDIUMCVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.03.3LOWAV:A/AC:L/Au:N/C:P/I:N/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.