CVE-2019-9495 — Use of Cache Containing Sensitive Information in Alliance Hostapd With Eap-pwd Support

CWE-524 — Use of Cache Containing Sensitive Information CWE-203 — Observable Discrepancy CWE-924 — Improper Enforcement of Message Integrity During Transmission in a Communication Channel16 documents10 sources

Severity

3.7LOWNVD

CNA5.9OSV7.5OSV5.9

EPSS

6.2%

top 9.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Router Manager Wi-fi Alliance Hostapd With Eap-pwd Support Wi-fi Alliance WPA Supplicant With Eap-pwd Support +8 more

Timeline

PublishedApr 17

Latest updateMay 13

Description

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages8 packages

▶CVEListV5wi-fi_alliance/hostapd_with_eap-pwd_support2.7 — 2.7

▶NVDw1.fi/hostapd2.7

▶CVEListV5wi-fi_alliance/wpa_supplicant_with_eap-pwd_support2.7 — 2.7

▶NVDsynology/router_manager< 1.2.3-8017

▶NVDw1.fi/wpa_supplicant2.7

Also affects: Freebsd 11.2, 12.0, Debian Linux 8.0, Fedora 28, 29, 30

Patches

Patch: w1.fi ↗Patch: w1.fi ↗

🔴Vulnerability Details

GHSA

GHSA-p694-q9qw-q238: The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns↗2022-05-13

▶

OSV

CVE-2019-9495: The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns↗2019-04-17

▶

CVEList

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns↗2019-04-17

▶

OSV

wpa vulnerabilities↗2019-04-10

▶

📋Vendor Advisories

Red Hat

wpa_supplicant: EAP-pwd side-channel attacks as a result of cache access patterns↗2022-01-17

▶

Microsoft

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an ↗2022-01-11

▶

BSD

FreeBSD-SA-19:03.wpa: Multiple vulnerabilities in hostapd and wpa_supplicant↗2019-05-14

▶

Red Hat

wpa_supplicant: EAP-pwd cache side-channel attack↗2019-04-10

▶

Ubuntu

wpa_supplicant and hostapd vulnerabilities↗2019-04-10

▶

💬Community

Bugzilla

CVE-2019-9495 wpa_supplicant: EAP-pwd cache side-channel attack [fedora-all]↗2019-04-12

▶

Bugzilla

CVE-2019-9495 wpa_supplicant: EAP-pwd cache side-channel attack↗2019-04-11

▶

Bugzilla

CVE-2019-9495 hostapd: wpa_supplicant: EAP-pwd cache side-channel attack [fedora-all]↗2019-04-11

▶

Bugzilla

CVE-2019-9495 hostapd: wpa_supplicant: EAP-pwd cache side-channel attack [epel-all]↗2019-04-11

▶

Bugzilla

CVE-2019-9495 wpa_supplicant: EAP-pwd cache side-channel attack [fedora-all]↗2019-04-11

▶