CVE-2019-9494

MEDIUM

Hostapd & Wpa_Supplicant <2.7 - Info Disclosure

Title source: llm

Description

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

References (9)

Core 9

Core References

Patch, Vendor Advisory x_refsource_confirm

https://w1.fi/security/2019-1/

Third Party Advisory x_refsource_confirm

https://www.synology.com/security/advisory/Synology_SA_19_16

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/

Third Party Advisory vendor-advisory x_refsource_freebsd

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/May/40

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html

Scores

CVSS v3 5.9

EPSS 0.0374

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-524 CWE-208 CWE-203

Status published

Products (11)

fedoraproject/fedora 28

fedoraproject/fedora 29

fedoraproject/fedora 30

freebsd/freebsd 11.2 (10 CPE variants)

freebsd/freebsd 12.0 (4 CPE variants)

opensuse/backports_sle 15.0 (2 CPE variants)

opensuse/leap 15.1

synology/radius_server 3.0

synology/router_manager < 1.2.3-8087

w1.fi/hostapd < 2.7

... and 1 more

Published Apr 17, 2019

Tracked Since Feb 18, 2026