QwikSec

Security Database

CVE

CWE

Training

CVE-2019-9496

Published: Apr 17, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Vendor	Product	Versions
Wi-Fi Alliance	hostapd with SAE support	affected `2.7 - <= 2.7`
Wi-Fi Alliance	wpa_supplicant with SAE support	affected `2.7 - <= 2.7`

Weaknesses (CWE)

References

https://w1.fi/security/2019-3/

x_refsource_CONFIRM

https://www.synology.com/security/advisory/Synology_SA_19_16

x_refsource_CONFIRM

FEDORA-2019-d03bae77f5

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-f409af9fbe

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-eba1109acd

vendor-advisory

x_refsource_FEDORA

FreeBSD-SA-19:03

vendor-advisory

x_refsource_FREEBSD

20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html

x_refsource_MISC

openSUSE-SU-2020:0222

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.