First published: Thu Dec 12 2019
An exploitable denial-of-service vulnerability exists in hostapd 2.6, where an attacker could trigger an AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks or by leading to traffic flapping if the attacker fakes already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
W1.fi Hostapd | =2.6 | |
The vulnerability ID is CVE-2019-5061.
The severity rating of CVE-2019-5061 is 6.5 (high).
The affected software is hostapd 2.6.
CVE-2019-5061 can be exploited by triggering an access point (AP) to send IAPP location updates for stations before the authentication process has completed.
Yes, a fix for CVE-2019-5061 is available and users are advised to update to a patched version of hostapd.