CVE-2024-5290
published 2024-08-07
Priority: P345, high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.66% (46.8th percentile)
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).
Membership in the netdev group or access to the dbus interface of wpa_supplicant allows an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical_ltd | wpa_supplicant | >= 0 < 2:2.9.0-21+deb11u2 | 2:2.9.0-21+deb11u2 |
| canonical_ltd | wpa_supplicant | >= 0 < 2:2.10-12+deb12u2 | 2:2.10-12+deb12u2 |
| canonical_ltd | wpa_supplicant | >= 0 < 2:2.10-22 | 2:2.10-22 |
| canonical_ltd | wpa_supplicant | >= 0 < 2:2.10-22 | 2:2.10-22 |
| canonical_ltd | wpa_supplicant | >= 2.1-0ubuntu1 < 2.1-0ubuntu1.7+esm5 | 2.1-0ubuntu1.7+esm5 |
| canonical_ltd | wpa_supplicant | >= 2.4-0ubuntu10 < 2:2.6-15ubuntu2.8+esm1 | 2:2.6-15ubuntu2.8+esm1 |
| canonical_ltd | wpa_supplicant | >= 2.4-0ubuntu3 < 2.4-0ubuntu6.8+esm1 | 2.4-0ubuntu6.8+esm1 |
| canonical_ltd | wpa_supplicant | >= 2:2.10-15 < 2:2.10-21ubuntu0.1 | 2:2.10-21ubuntu0.1 |
| canonical_ltd | wpa_supplicant | >= 2:2.9-1ubuntu2 < 2:2.9-1ubuntu4.4 | 2:2.9-1ubuntu4.4 |
| canonical_ltd | wpa_supplicant | >= 2:2.9.0-21build1 < 2:2.10-6ubuntu2.1 | 2:2.10-6ubuntu2.1 |
| debian | wpa | < wpa 2:2.10-12+deb12u2 (bookworm) | wpa 2:2.10-12+deb12u2 (bookworm) |
CVSS provenance
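| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |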
Red Hat
wpa_supplicant: wpa_supplicant loading arbitrary shared objects allowing privilege escalation
vendor_redhat·2024-08-07·CVSS 8.8·HIGH·CWE-427
A vulnerability was found in the wpa_supplicant package. This flaw allows a local unprivileged user who is part of the netdev group to achieve privilege escalation to the same user running wpa_supplicant (typically root).
Statement: This vulnerabili
Ubuntu
wpa_supplicant and hostapd vulnerability
vendor_ubuntu·2024-08-06
Summary: wpa_supplicant could be made to run programs as an administrator with a specially crafted configuration file.
Rory McNamara discovered that wpa_supplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2024-5290: wpa - An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arb...
vendor_debian·2024·CVSS 8.8·HIGH
Scope: local
bookworm: resolved (fixed in 2:2.10-12+deb12u2)
bullseye: resolved (fixed in 2:2.9.0-21+deb11u2)
forky: resolved (fixed in 2:2.10-22)
sid: resolved (fixed in 2:2.10-22)
trixie: resolved (fixed in 2:2.10-22)
GHSA
GHSA-c2m5-cmpw-rjcx: An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to e
ghsa_unreviewed·2024-08-07·HIGH·CWE-427
OSV
CVE-2024-5290: An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to e
osv·2024-08-07·CVSS 7.8·HIGH
No detection rules found.
No public exploits indexed.
Securelist
Exploits and vulnerabilities in Q3 2024
blogs_securelist·2024-12-06·CVSS 8.1
CVE-2024-47177 [HIGH] Exploits and vulnerabilities in Q3 2024
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Windows and Linux vulnerability exploitation
- Most prevalent exploits
- Vulnerability exploitation in APT attacks
- Interesting vulnerabilities
- CVE-2024-47177 (CUPS filters)
- CVE-2024-38112 (MSHTML Spoofing)
- CVE-2024-6387 (regreSSHion)
- CVE-2024-3183 (Free IPA)
- CVE-2024-45519 (Zimbra)
- CVE-2024-5290 (Ubuntu wpa_supplicant)
- Conclusion and advice
Authors
- Alexander Kolesnikov
Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example, a log integrity check is set to appear in the Co
Securelist
Analyzing the vulnerability landscape in Q3 2024
blogs_securelist·2024-12-06·CVSS 8.1
CVE-2024-47177 [HIGH] Analyzing the vulnerability landscape in Q3 2024
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Vulnerability exploitation in APT attacks
- Interesting vulnerabilities
- CVE-2024-47177 (CUPS filters)
- CVE-2024-38112 (MSHTML Spoofing)
- CVE-2024-6387 (regreSSHion)
- CVE-2024-3183 (Free IPA)
- CVE-2024-45519 (Zimbra)
- CVE-2024-5290 (Ubuntu wpa_supplicant)
- Conclusion and advice
Authors
- Alexander Kolesnikov
Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example, a log integrity check is set to appear in the Common Log Filing System (CLFS) in Windows, so the number