CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
35.7%
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network’s TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | wpa | < 2:2.10-12+deb12u1 | wpa_2:2.10-12+deb12u1_all.deb |
Debian | 11 | all | wpa | < 2:2.9.0-21+deb11u1 | wpa_2:2.9.0-21+deb11u1_all.deb |
Debian | 999 | all | wpa | < 2:2.10-21.1 | wpa_2:2.10-21.1_all.deb |
Debian | 13 | all | wpa | < 2:2.10-21.1 | wpa_2:2.10-21.1_all.deb |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
35.7%