CVE-2019-9494

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html	Third Party Advisory VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
https://seclists.org/bugtraq/2019/May/40	Mailing List Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc	Third Party Advisory
https://w1.fi/security/2019-1/	Patch Vendor Advisory
https://www.synology.com/security/advisory/Synology_SA_19_16	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html	Third Party Advisory VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
https://seclists.org/bugtraq/2019/May/40	Mailing List Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc	Third Party Advisory
https://w1.fi/security/2019-1/	Patch Vendor Advisory
https://www.synology.com/security/advisory/Synology_SA_19_16	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:w1.fi:hostapd::::::::
	cpe:2.3:a:w1.fi:wpa_supplicant::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:28:::::::*
	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:opensuse:backports_sle:15.0:-::::::
	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
	cpe:2.3:o:opensuse:leap:15.1:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:synology:radius_server:3.0:::::::*
	cpe:2.3:a:synology:router_manager::::::::

Configuration 5 (hide)

OR	cpe:2.3:o:freebsd:freebsd:11.2:-::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p2::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p3::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p4::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p5::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p6::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p7::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p8::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p9::::::
	cpe:2.3:o:freebsd:freebsd:11.2:rc3::::::
	cpe:2.3:o:freebsd:freebsd:12.0:-::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p1::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p2::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p3::::::

History

21 Nov 2024, 04:51

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html - Mailing List, Third Party Advisory
References	~~() http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html - Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html - Third Party Advisory, VDB Entry
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/ -
References	~~() https://seclists.org/bugtraq/2019/May/40 - Mailing List, Third Party Advisory~~	() https://seclists.org/bugtraq/2019/May/40 - Mailing List, Third Party Advisory
References	~~() https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc - Third Party Advisory~~	() https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc - Third Party Advisory
References	~~() https://w1.fi/security/2019-1/ - Patch, Vendor Advisory~~	() https://w1.fi/security/2019-1/ - Patch, Vendor Advisory
References	~~() https://www.synology.com/security/advisory/Synology_SA_19_16 - Third Party Advisory~~	() https://www.synology.com/security/advisory/Synology_SA_19_16 - Third Party Advisory

03 Nov 2021, 19:50

Type	Values Removed	Values Added
CPE		cpe:2.3:o:freebsd:freebsd:11.2:p5:::::: cpe:2.3:o:freebsd:freebsd:12.0:p2:::::: cpe:2.3:o:freebsd:freebsd:12.0:p1:::::: cpe:2.3:o:freebsd:freebsd:11.2:p4:::::: cpe:2.3:o:freebsd:freebsd:11.2:-:::::: cpe:2.3:o:freebsd:freebsd:11.2:p2:::::: cpe:2.3:o:freebsd:freebsd:11.2:p7:::::: cpe:2.3:o:opensuse:leap:15.1:::::::* cpe:2.3:a:synology:router_manager:::::::: cpe:2.3:o:freebsd:freebsd:12.0:p3:::::: cpe:2.3:o:freebsd:freebsd:12.0:-:::::: cpe:2.3:a:opensuse:backports_sle:15.0:sp1:::::: cpe:2.3:o:freebsd:freebsd:11.2:p3:::::: cpe:2.3:a:synology:radius_server:3.0:::::::* cpe:2.3:o:freebsd:freebsd:11.2:rc3:::::: cpe:2.3:o:freebsd:freebsd:11.2:p9:::::: cpe:2.3:o:freebsd:freebsd:11.2:p8:::::: cpe:2.3:a:opensuse:backports_sle:15.0:-:::::: cpe:2.3:o:freebsd:freebsd:11.2:p6::::::
CWE	~~CWE-200~~	CWE-203
References	~~(FREEBSD) https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc -~~	(FREEBSD) https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc - Third Party Advisory
References	~~(BUGTRAQ) https://seclists.org/bugtraq/2019/May/40 -~~	(BUGTRAQ) https://seclists.org/bugtraq/2019/May/40 - Mailing List, Third Party Advisory
References	~~(MISC) http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html -~~	(MISC) http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html - Third Party Advisory, VDB Entry
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html - Mailing List, Third Party Advisory
References	~~(CONFIRM) https://www.synology.com/security/advisory/Synology_SA_19_16 -~~	(CONFIRM) https://www.synology.com/security/advisory/Synology_SA_19_16 - Third Party Advisory

Information

Published : 2019-04-17 14:29

Updated : 2024-11-21 04:51

NVD link : CVE-2019-9494

Mitre link : CVE-2019-9494

CVE.ORG link : CVE-2019-9494

JSON object : View

Products Affected

fedoraproject

fedora

opensuse

backports_sle
leap

w1.fi

hostapd
wpa_supplicant

synology

router_manager
radius_server

freebsd

freebsd

CWE

CWE-208

Observable Timing Discrepancy

CWE-524

Use of Cache Containing Sensitive Information

CWE-203

Observable Discrepancy

{"id": "CVE-2019-9494", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-04-17T14:29:03.840", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/", "source": "cret@cert.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/", "source": "cret@cert.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/", "source": "cret@cert.org"}, {"url": "https://seclists.org/bugtraq/2019/May/40", "tags": ["Mailing List", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://w1.fi/security/2019-1/", "tags": ["Patch", "Vendor Advisory"], "source": "cret@cert.org"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_16", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2019/May/40", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://w1.fi/security/2019-1/", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_16", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cret@cert.org", "description": [{"lang": "en", "value": "CWE-208"}, {"lang": "en", "value": "CWE-524"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected."}, {"lang": "es", "value": "Las implementaciones SAE en hostapd y wpa_supplicant son vulnerables a los ataques de canal lateral (side channel) como resultado de diferencias de tiempo observables y patrones de acceso a la cach\u00e9. Un atacante puede conseguir informaci\u00f3n filtrada de un ataque de canal lateral (side channel) que pueda ser usado para la recuperaci\u00f3n completa de la contrase\u00f1a. Tanto hostapd con soporte SAE como wpa_supplicant con soporte SAE antes e incluyendo la versi\u00f3n 2.7 est\u00e1n afectados."}], "lastModified": "2024-11-21T04:51:43.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5133129D-DA6B-485D-9FE7-33C994FBAF05", "versionEndIncluding": "2.7"}, {"criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46294B0E-0043-487D-AD8F-931DC05F0E78", "versionEndIncluding": "2.7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD"}, {"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568"}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:synology:radius_server:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C6E6871-7BB3-43BB-9A31-0B44B46C8D97"}, {"criteria": "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "041AF55B-1899-4C8D-8236-215027609F79", "versionEndExcluding": "1.2.3-8087"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ACD1D8D-B3BC-4E99-B846-90A4071DB87B"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "699FE432-8DF0-49F1-A98B-0E19CE01E5CE"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20B06752-39EE-4600-AC1F-69FB9C88E2A8"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E86CD544-86C4-4D9D-9CE5-087027509EDA"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64E47AE7-BB45-428E-90E9-38BFDFF23650"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "586B9FA3-65A2-41EB-A848-E4A75565F0CA"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1164B48E-2F28-43C5-9B7B-546EAE12E27D"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0B15B89-3AD2-4E03-9F47-DA934702187B"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "878DF67E-420A-4229-BEA8-DB9F7161ED9A"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-9494

5.9^/10

4.3^/10

Attach tags to `CVE-2019-9494`