CVE-2019-5061

An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*

History

21 Nov 2024, 04:44

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849 - Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849 - Third Party Advisory

19 Apr 2022, 18:16

Type Values Removed Values Added
CWE CWE-20 CWE-287

Information

Published : 2019-12-12 22:15

Updated : 2024-11-21 04:44


NVD link : CVE-2019-5061

Mitre link : CVE-2019-5061

CVE.ORG link : CVE-2019-5061


JSON object : View

Products Affected

w1.fi

  • hostapd
CWE
CWE-440

Expected Behavior Violation

CWE-287

Improper Authentication