cbcvebase.
CVE-2022-37660
published 2025-02-11

CVE-2022-37660: In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with…

PriorityP336medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
EPSS
0.34%
25.7th percentile
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association.

Affected

2 ranges
VendorProductVersion rangeFixed in
debianwpa< wpa 2:2.10-12+deb12u3 (bookworm)wpa 2:2.10-12+deb12u3 (bookworm)
w1.fihostapd<= 2.10

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.