CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence: Low
EPSS
Percentile: 35.7%
wpa_supplicant is vulnerable to Improper Authentication. The vulnerability arises because wpa_supplicant can be configured to skip TLS certificate verification during Phase 1 authentication; in that configuration, a flaw in eap_peap_decrypt can be exploited to bypass Phase 2 authentication. An attacker does this by sending an EAP-TLV Success packet instead of initiating Phase 2, which allows them to impersonate Enterprise Wi-Fi networks.
lists.debian.org/debian-lts-announce/2024/02/msg00013.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.19/main.yaml
w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c
www.top10vpn.com/research/wifi-vulnerabilities/