Skip to main content

Hostapd CVE-2019-5062

MEDIUM
Expected Behavior Violation (CWE-440)
2019-12-12 talos-cna@cisco.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 12, 2019 - 22:15 nvd
MEDIUM 6.5

DescriptionNVD

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.

AnalysisAI

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-440. An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service. Affected products include: W1.Fi Hostapd.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-13082 HIGH POC
8.1 Oct 17

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PT

CVE-2019-9499 HIGH
8.1 Apr 17

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validati

CVE-2019-9498 HIGH
8.1 Apr 17

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on

CVE-2019-9497 HIGH
8.1 Apr 17

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element

CVE-2014-3686 MEDIUM
6.8 Oct 16

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli

CVE-2016-4476 HIGH
7.5 May 09

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase paramete

CVE-2020-12695 HIGH
7.5 Jun 08

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription r

CVE-2019-9496 HIGH
7.5 Apr 17

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps

CVE-2026-58374 HIGH
7.1 Jun 30

Denial of service in hostapd 2.11 through pre-2.12 development snapshots (built with CONFIG_IEEE80211BE) lets an unauthe

CVE-2017-13084 MEDIUM
6.8 Oct 17

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) du

CVE-2017-13077 MEDIUM
6.8 Oct 17

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during

CVE-2017-13086 MEDIUM
6.8 Oct 17

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) duri

Share

CVE-2019-5062 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy