CVE-2019-9495

LOW

hostapd/wpa_supplicant <2.7 - Info Disclosure

Title source: llm
STIX 2.1

Description

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

References (10)

Core 10
Core References
Patch, Vendor Advisory x_refsource_confirm
https://w1.fi/security/2019-2/
Third Party Advisory x_refsource_confirm
https://www.synology.com/security/advisory/Synology_SA_19_16
Third Party Advisory vendor-advisory x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/May/40
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html

Scores

CVSS v3 3.7
EPSS 0.0620
EPSS Percentile 91.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-524 CWE-203
Status published
Products (12)
debian/debian_linux 8.0
fedoraproject/fedora 28
fedoraproject/fedora 29
fedoraproject/fedora 30
freebsd/freebsd 11.2 (10 CPE variants)
freebsd/freebsd 12.0 (4 CPE variants)
opensuse/backports_sle 15.0 (2 CPE variants)
opensuse/leap 15.1
synology/radius_server 3.0
synology/router_manager < 1.2.3-8017
... and 2 more
Published Apr 17, 2019
Tracked Since Feb 18, 2026