CVE-2019-5061
published 2019-12-12CVE-2019-5061: An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before…
PriorityP425medium6.5CVSS 3.1
AVAACLPRNUINSUCNINAH
EPSS
0.92%
55.8th percentile
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wpa | < wpa 2:2.9+git20200213+877d9a0-1 (bookworm) | wpa 2:2.9+git20200213+877d9a0-1 (bookworm) |
| w1.fi | hostapd | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv3.07.4HIGHCVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvdv2.03.3LOWAV:A/AC:L/Au:N/C:N/I:N/A:P
osv6.5MEDIUM
vendor_debian6.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6626-64rf-2cvv: An exploitable denial-of-service vulnerability exists in the hostapd 2
ghsa_unreviewed·2022-05-24
CVE-2019-5061 [MEDIUM] CWE-20 GHSA-6626-64rf-2cvv: An exploitable denial-of-service vulnerability exists in the hostapd 2
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
OSV
CVE-2019-5061: An exploitable denial-of-service vulnerability exists in the hostapd 2
osv·2019-12-12·CVSS 6.5
CVE-2019-5061 [MEDIUM] CVE-2019-5061: An exploitable denial-of-service vulnerability exists in the hostapd 2
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Debian
CVE-2019-5061: wpa - An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where ...
vendor_debian·2019·CVSS 6.5
CVE-2019-5061 [MEDIUM] CVE-2019-5061: wpa - An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where ...
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 2:2.9+git20200213+877d9a0-1)
bullseye: resolved (fixed in 2:2.9+git20200213+877d9a0-1)
forky: resolved (fixed in 2:2.9+git20200213+877d9a0-1)
sid: resolved (fixed in 2:2.9+git20200213+877d9a0-1)
trixie: resolved (fixed in 2:2.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-5061 hostapd: attacker could trigger AP to send IAPP location before authentication leads to dos [epel-6]
bugzilla·2020-01-27·CVSS 6.5
CVE-2019-5061 [MEDIUM] CVE-2019-5061 hostapd: attacker could trigger AP to send IAPP location before authentication leads to dos [epel-6]
CVE-2019-5061 hostapd: attacker could trigger AP to send IAPP location before authentication leads to dos [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use th
Bugzilla
CVE-2019-5061 hostapd: attacker could trigger AP to send IAPP location before authentication leads to dos
bugzilla·2020-01-27·CVSS 6.5
CVE-2019-5061 [MEDIUM] CVE-2019-5061 hostapd: attacker could trigger AP to send IAPP location before authentication leads to dos
CVE-2019-5061 hostapd: attacker could trigger AP to send IAPP location before authentication leads to dos
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Reference:
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849
Discussion:
Created hostapd tracking bugs for this issue:
Affects: epel-6 [bug
Talos
Vulnerability Spotlight: Denial-of-service vulnerabilities in Linux kernel, W1.fi
blogs_talos·2019-12-11·CVSS 6.5
[MEDIUM] Vulnerability Spotlight: Denial-of-service vulnerabilities in Linux kernel, W1.fi
## Vulnerability Spotlight: Denial-of-service vulnerabilities in Linux kernel, W1.fi
Mitchell Frank and Mark Leonard of Cisco discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two denial-of-service vulnerabilities in the open-source program W1.fi. Both of these vulnerabilities target hostapd. One could allow an attacker to forge authentication requests, while another could trigger a deauthentication, both resulting in a denial of service.
In accordance with our coordinated disclosure policy, Cisco Talos worked with the manager of W1.fi to ensure that these issues are resolved and that an update is available for affected customers. TALOS-2019-0849 relates to TALOS-2019-0900, a denial-of-service vulnerability in the Linux kernel. Linux has also release
Talos
Vulnerability Spotlight: Denial-of-service vulnerabilities in Linux kernel, W1.fi
blogs_talos·2019-12-11·CVSS 6.5
[MEDIUM] Vulnerability Spotlight: Denial-of-service vulnerabilities in Linux kernel, W1.fi
Mitchell Frank and Mark Leonard of Cisco discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two denial-of-service vulnerabilities in the open-source program W1.fi. Both of these vulnerabilities target hostapd. One could allow an attacker to forge authentication requests, while another could trigger a deauthentication, both resulting in a denial of service.
In accordance with our coordinated disclosure policy, Cisco Talos worked with the manager of W1.fi to ensure that these issues are resolved and that an update is available for affected customers. TALOS-2019-0849 relates to TALOS-2019-0900, a denial-of-service vulnerability in the Linux kernel. Linux has also released an update to address that vulnerability, which makes more versions of Linux besides
2019-12-12
Published