CVE-2024-5290
HIGHW1.fi Wpa Supplicant - Uncontrolled Search Path
Title source: ruleDescription
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
Scores
CVSS v3
8.8
EPSS
0.0025
EPSS Percentile
48.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Classification
CWE
CWE-427
Status
published
Affected Products (1)
w1.fi/wpa_supplicant
Timeline
Published
Aug 07, 2024
Tracked Since
Feb 18, 2026