CVE-2018-14526
Published 2018-08-08
CVE-2018-14526: An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked…
Priority P430 · medium · 6.5 · CVSS 3.0
AV:A · AC:L · PR:N · UI:N · S:U · C:H · I:N · A:N
EPSS: 1.40% (69.2th percentile)
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | wpa | < wpa 2:2.6-18 (bookworm) | wpa 2:2.6-18 (bookworm) |
| w1.fi | wpa_supplicant | >= 0 < 2:2.6-18 | 2:2.6-18 |
| w1.fi | wpa_supplicant | >= 0 < 2:2.6-18 | 2:2.6-18 |
| w1.fi | wpa_supplicant | >= 0 < 2:2.6-18 | 2:2.6-18 |
| w1.fi | wpa_supplicant | >= 0 < 2:2.6-18 | 2:2.6-18 |
| w1.fi | wpa_supplicant | 2.0 – 2.6 | — |
CVSS provenance
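| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 3.3 | LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |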
CISA ICS
Siemens SCALANCE W700 and W1700
cisa_ics·2019-12-10·CVSS 6.5
[MEDIUM] Siemens SCALANCE W700 and W1700
ICS Advisory
## Siemens SCALANCE W700 and W1700
Last Revised: December 10, 2019
Alert Code: ICSA-19-344-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.5
- ATTENTION: Low skill level to exploit
- Vendor: Siemens
- Equipment: SCALANCE W700 and W1700
- Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access confidential data.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of SCALANCE W700 and W1700, wireless communication device
Ubuntu
wpa_supplicant and hostapd vulnerability
vendor_ubuntu·2018-08-20
CVE-2018-14526 wpa_supplicant and hostapd vulnerability
Title: wpa_supplicant and hostapd vulnerability
Summary: wpa_supplicant and hostapd could be made to expose sensitive information
if it received a crafted message.
It was discovered that wpa_supplicant and hostapd incorrectly handled certain
messages. An attacker could possibly use this to access sensitive information.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
BSD
FreeBSD-SA-18:11.hostapd: Unauthenticated EAPOL-Key Decryption Vulnerability
bsd_advisories·2018-08-14·CVSS 6.5
CVE-2018-14526 [MEDIUM] FreeBSD-SA-18:11.hostapd: Unauthenticated EAPOL-Key Decryption Vulnerability
FreeBSD-SA-18:11.hostapd Security Advisory
The FreeBSD Project
Topic: Unauthenticated EAPOL-Key Decryption Vulnerability
Category: contrib
Module: wpa
Announced: 2018-08-14
Credits: Mathy Vanhoef of the imec-DistriNet research group of
KU Leuven
Affects: All supported versions of FreeBSD.
Corrected: 2018-08-15 05:03:54 UTC (stable/11, 11.1-STABLE)
2018-08-15 02:30:11 UTC (releng/11.2, 11.2-RELEASE-p2)
2018-08-15 02:30:11 UTC (releng/11.1, 11.1-RELEASE-p13)
2018-08-15 05:05:02 UTC (stable/10, 10.4-STABLE)
2018-08-15 02:31:10 UTC (releng/10.4, 10.4-RELEASE-p11)
CVE Name: CVE-2018-14526
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The wpa_supplicant(8)
Red Hat
wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant
vendor_redhat·2018-08-08·CVSS 6.5
CVE-2018-14526 [MEDIUM] CWE-200 wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant
wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
Statement: Red Hat Virtualization images include wpa_supplicant as a component from the base Red Hat Enterprise Linux operating system, but use of Red Hat Virtualization on a wireless network is neither recommended nor supported. A future update may address this issue.
This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6 and 7.
Red Hat Enterprise Linux 6 is now in Maintenance Sup
Debian
CVE-2018-14526: wpa - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Und...
vendor_debian·2018·CVSS 6.5
CVE-2018-14526 [MEDIUM] CVE-2018-14526: wpa - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Und...
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
Scope: local
bookworm: resolved (fixed in 2:2.6-18)
bullseye: resolved (fixed in 2:2.6-18)
forky: resolved (fixed in 2:2.6-18)
sid: resolved (fixed in 2:2.6-18)
trixie: resolved (fixed in 2:2.6-18)
GHSA
GHSA-p89p-gprq-frv8: An issue was discovered in rsn_supp/wpa
ghsa_unreviewed·2022-05-13
CVE-2018-14526 [MEDIUM] CWE-924 GHSA-p89p-gprq-frv8: An issue was discovered in rsn_supp/wpa
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
OSV
CVE-2018-14526: An issue was discovered in rsn_supp/wpa
osv·2018-08-08·CVSS 6.5
CVE-2018-14526 [MEDIUM] CVE-2018-14526: An issue was discovered in rsn_supp/wpa
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-14526 wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant [fedora-all]
bugzilla·2018-08-10·CVSS 6.5
CVE-2018-14526 [MEDIUM] CVE-2018-14526 wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant [fedora-all]
CVE-2018-14526 wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant [fedora-all]
A vulnerability in RX EAPOL processing has been recently detected.
Discussion:
wpa_supplicant-2.6-14.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-c43c1ee06f
---
wpa_supplicant-2.6-17.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-41dfadd21a
---
wpa_supplicant-2.6-14.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/upd
Bugzilla
CVE-2018-14526 wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant
bugzilla·2018-08-09·CVSS 6.5
CVE-2018-14526 [MEDIUM] CVE-2018-14526 wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant
CVE-2018-14526 wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
References:
https://papers.mathyvanhoef.com/woot2018.pdf
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
Discussion:
Statement:
Red Hat Virtualization images include wpa_supplicant as a component from the base Red Hat Enterprise Linux operating system, but use of Red Hat Virtualization on a wireless network is neither recommended nor supported. A future update may address this
References:
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html
http://www.securitytracker.com/id/1041438
https://access.redhat.com/errata/RHSA-2018:3107
https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf
https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html
https://papers.mathyvanhoef.com/woot2018.pdf
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asc
https://usn.ubuntu.com/3745-1/
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
https://www.us-cert.gov/ics/advisories/icsa-19-344-01
Published: 2018-08-08