Vulnerability Name:

CVE-2019-9496 (CCN-159314)

Assigned:2019-04-10
Published:2019-04-10
Updated:2019-05-15
Summary:An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-287
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2019-9496

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0222

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html

Source: CCN
Type: US-CERT VU#871675
WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant

Source: XF
Type: UNKNOWN
w1fi-cve20199496-dos(159314)

Source: FEDORA
Type: Mailing List, Release Notes, Third Party Advisory
FEDORA-2019-d03bae77f5

Source: FEDORA
Type: Mailing List, Release Notes, Third Party Advisory
FEDORA-2019-eba1109acd

Source: FEDORA
Type: Mailing List, Release Notes, Third Party Advisory
FEDORA-2019-f409af9fbe

Source: BUGTRAQ
Type: UNKNOWN
20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa

Source: CCN
Type: oss-sec Mailing List, Wed, 10 Apr 2019 18:15:34 +0300
hostapd: SAE confirm missing state validation

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-19:03

Source: CCN
Type: W1.Fi Web site
hostapd

Source: CONFIRM
Type: Patch, Vendor Advisory
https://w1.fi/security/2019-3/

Source: CONFIRM
Type: UNKNOWN
https://www.synology.com/security/advisory/Synology_SA_19_16

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-9496

Vulnerable Configuration:Configuration 1:
  • cpe:/a:w1.fi:hostapd:*:*:*:*:*:*:*:* (Version <= 2.7)
  • OR cpe:/a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:* (Version <= 2.7)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:28:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:30:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:w1.fi:hostapd:2.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20199496
    V
    		CVE-2019-9496
    2022-09-02
    oval:org.opensuse.security:def:112404
    P
    		hostapd-2.9-6.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:105913
    P
    		hostapd-2.9-6.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:63231
    P
    		python3-pywbem-0.11.0-2.21 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:74730
    P
    		Security update for jetty-minimal (Moderate)
    2021-08-25
    oval:org.opensuse.security:def:63434
    P
    		libltdl7-32bit-2.4.6-1.406 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:62760
    P
    		ibus-1.5.23-1.56 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62728
    P
    		MozillaFirefox-78.10.0-8.38.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62732
    P
    		audiofile-devel-0.3.6-3.7.10 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62735
    P
    		conky-1.11.5-1.20 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:64543
    P
    		Security update for dbus-1 (Important)
    2021-07-12
    oval:org.opensuse.security:def:100274
    P
    		 (Important)
    2021-05-04
    oval:org.opensuse.security:def:64485
    P
    		Security update for cups (Important)
    2021-04-30
    oval:org.opensuse.security:def:93561
    P
    		 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:64655
    P
    		Security update for python-cryptography (Important)
    2021-02-25
    oval:org.opensuse.security:def:64275
    P
    		Security update for curl (Moderate)
    2020-12-09
    oval:org.opensuse.security:def:64276
    P
    		Security update for python-pip, python-scripttest (Moderate)
    2020-12-09
    oval:org.opensuse.security:def:63581
    P
    		imobiledevice-tools-1.2.0+git20170122.45fda81-1.44 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62938
    P
    		bsh2-2.0.0.b6-10.65 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63810
    P
    		Security update for nfs-utils (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64383
    P
    		libsndfile-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:74597
    P
    		Security update for virtualbox (Important)
    2020-12-01
    oval:org.opensuse.security:def:64139
    P
    		Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:110368
    P
    		Security update for hostapd (Moderate)
    2020-02-15
    oval:com.ubuntu.cosmic:def:20199496000
    V
    		CVE-2019-9496 on Ubuntu 18.10 (cosmic) - medium.
    2019-04-17
    oval:com.ubuntu.cosmic:def:201994960000000
    V
    		CVE-2019-9496 on Ubuntu 18.10 (cosmic) - medium.
    2019-04-17
    oval:com.ubuntu.bionic:def:20199496000
    V
    		CVE-2019-9496 on Ubuntu 18.04 LTS (bionic) - medium.
    2019-04-17
    oval:com.ubuntu.bionic:def:201994960000000
    V
    		CVE-2019-9496 on Ubuntu 18.04 LTS (bionic) - medium.
    2019-04-17
    oval:com.ubuntu.xenial:def:20199496000
    V
    		CVE-2019-9496 on Ubuntu 16.04 LTS (xenial) - medium.
    2019-04-17
    oval:com.ubuntu.xenial:def:201994960000000
    V
    		CVE-2019-9496 on Ubuntu 16.04 LTS (xenial) - medium.
    2019-04-17
    oval:com.ubuntu.trusty:def:20199496000
    V
    		CVE-2019-9496 on Ubuntu 14.04 LTS (trusty) - medium.
    2019-04-17
    BACK
    w1.fi hostapd *
    w1.fi wpa supplicant *
    fedoraproject fedora 28
    fedoraproject fedora 29
    fedoraproject fedora 30
    w1.fi hostapd 2.7