Skip to main content

Wpa Supplicant CVE-2021-27803

HIGH
2021-02-26 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 26, 2021 - 23:15 nvd
HIGH 7.5

DescriptionNVD

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

AnalysisAI

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Technical ContextAI

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. Affected products include: W1.Fi Wpa Supplicant, Fedoraproject Fedora, Debian Debian Linux. Version information: before 2.10.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-13082 HIGH POC
8.1 Oct 17

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PT

CVE-2024-5290 HIGH POC
7.8 Aug 07

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a lo

CVE-2015-0210 MEDIUM POC
5.9 Aug 28

wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-

CVE-2019-9499 HIGH
8.1 Apr 17

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validati

CVE-2019-9498 HIGH
8.1 Apr 17

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on

CVE-2019-9497 HIGH
8.1 Apr 17

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element

CVE-2014-3686 MEDIUM
6.8 Oct 16

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli

CVE-2016-4476 HIGH
7.5 May 09

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase paramete

CVE-2015-1863 MEDIUM
5.8 Apr 28

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash

CVE-2019-9496 HIGH
7.5 Apr 17

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps

CVE-2017-13084 MEDIUM
6.8 Oct 17

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) du

CVE-2017-13077 MEDIUM
6.8 Oct 17

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during

Share

CVE-2021-27803 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy