Multiple vulnerabilities in W1.fi hostapd
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-5062 CVE-2019-5061 |
| CWE-ID | CWE-440 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
hostapd Server applications / Remote access servers, VPN |
| Vendor | Jouni Malinen |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Expected behavior violation
EUVDB-ID: #VU23611
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-5062
CWE-ID:
CWE-440 - Expected Behavior Violation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the 802.11w security state handling connected clients with valid 802.11w sessions. A remote attacker on the local network can simulate an incomplete new association, trigger a deauthentication against stations using 802.11w and cause a denial of service condition on the target system.
Note: This vulnerability affects hostapd on a Raspberry Pi.
MitigationInstall updates from vendor's website.
Vulnerable software versionshostapd: 2.6
CPE2.3 External linkshttps://talosintelligence.com/vulnerability_reports/TALOS-2019-0850
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Expected behavior violation
EUVDB-ID: #VU23612
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-5061
CWE-ID:
CWE-440 - Expected Behavior Violation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an Authentication and AssociationRequest packet is sent before the station has successfully authenticated. A remote attacker on the local network can iterate through a large set of unique MAC addresses to trigger DoS attacks within the upstream network infrastructure.
This can lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure.
Note: This vulnerability affects hostapd Ubiquiti AP-AC-Pro firmware 4.0.10.9653
Mitigation
Install updates from vendor's website.
Vulnerable software versionshostapd: 2.6
CPE2.3 External linkshttps://talosintelligence.com/vulnerability_reports/TALOS-2019-0849
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
