Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-14526

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Aug, 2018 | 19:00
Updated At-05 Aug, 2024 | 09:29
Rejected At-
Credits

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Aug, 2018 | 19:00
Updated At:05 Aug, 2024 | 09:29
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://papers.mathyvanhoef.com/woot2018.pdf
x_refsource_MISC
http://www.securitytracker.com/id/1041438
vdb-entry
x_refsource_SECTRACK
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
x_refsource_MISC
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asc
vendor-advisory
x_refsource_FREEBSD
https://access.redhat.com/errata/RHSA-2018:3107
vendor-advisory
x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html
mailing-list
x_refsource_MLIST
https://usn.ubuntu.com/3745-1/
vendor-advisory
x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html
vendor-advisory
x_refsource_SUSE
https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf
x_refsource_CONFIRM
https://www.us-cert.gov/ics/advisories/icsa-19-344-01
x_refsource_MISC
Hyperlink: https://papers.mathyvanhoef.com/woot2018.pdf
Resource:
x_refsource_MISC
Hyperlink: http://www.securitytracker.com/id/1041438
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
Resource:
x_refsource_MISC
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3107
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://usn.ubuntu.com/3745-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-19-344-01
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://papers.mathyvanhoef.com/woot2018.pdf
x_refsource_MISC
x_transferred
http://www.securitytracker.com/id/1041438
vdb-entry
x_refsource_SECTRACK
x_transferred
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
x_refsource_MISC
x_transferred
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asc
vendor-advisory
x_refsource_FREEBSD
x_transferred
https://access.redhat.com/errata/RHSA-2018:3107
vendor-advisory
x_refsource_REDHAT
x_transferred
https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html
mailing-list
x_refsource_MLIST
x_transferred
https://usn.ubuntu.com/3745-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf
x_refsource_CONFIRM
x_transferred
https://www.us-cert.gov/ics/advisories/icsa-19-344-01
x_refsource_MISC
x_transferred
Hyperlink: https://papers.mathyvanhoef.com/woot2018.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securitytracker.com/id/1041438
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3107
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://usn.ubuntu.com/3745-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-19-344-01
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Aug, 2018 | 19:29
Updated At:03 Oct, 2019 | 00:03

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.5MEDIUM
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.03.3LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:A/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
w1.fi
w1.fi
>>wpa_supplicant>>Versions from 2.0(inclusive) to 2.6(inclusive)
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-924Primarynvd@nist.gov
CWE ID: CWE-924
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.htmlcve@mitre.org
N/A
http://www.securitytracker.com/id/1041438cve@mitre.org
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:3107cve@mitre.org
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdfcve@mitre.org
N/A
https://lists.debian.org/debian-lts-announce/2018/08/msg00009.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://papers.mathyvanhoef.com/woot2018.pdfcve@mitre.org
Technical Description
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asccve@mitre.org
Mitigation
Patch
Third Party Advisory
https://usn.ubuntu.com/3745-1/cve@mitre.org
Third Party Advisory
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txtcve@mitre.org
Mitigation
Patch
Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-344-01cve@mitre.org
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00013.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1041438
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3107
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/08/msg00009.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://papers.mathyvanhoef.com/woot2018.pdf
Source: cve@mitre.org
Resource:
Technical Description
Third Party Advisory
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-18:11.hostapd.asc
Source: cve@mitre.org
Resource:
Mitigation
Patch
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3745-1/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
Source: cve@mitre.org
Resource:
Mitigation
Patch
Vendor Advisory
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-19-344-01
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

9Records found
CVE-2017-5042
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.7||MEDIUM
EPSS-0.04% / 12.58%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_serverdebian_linuxmacosandroidGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2019-3460
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.29%
||
7 Day CHG~0.00%
Published-11 Apr, 2019 | 16:00
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxvirtualization_hostenterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusenterprise_linux_desktopcodeready_linux_builderdebian_linuxlinux_kernelenterprise_linux_workstationenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_for_real_timeLinux
CWE ID-CWE-20
Improper Input Validation
CVE-2019-3459
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.29%
||
7 Day CHG~0.00%
Published-11 Apr, 2019 | 15:53
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_ausenterprise_linuxenterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusenterprise_linux_desktopcodeready_linux_builderdebian_linuxlinux_kernelenterprise_linux_workstationenterprise_linux_eusenterprise_mrgenterprise_linux_server_tusenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_for_real_timeLinux
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-3702
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.93%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150

Action-Not Available
Vendor-Arista Networks, Inc.Debian GNU/LinuxQualcomm Technologies, Inc.
Product-av2msm8996au_firmwareqcs405_firmwareo-90sdx20ipq4019qcn5502qcn5502_firmwareqca9531qcs405sm7150_firmwareapq8053sm6150msm8909w_firmwaresm6150_firmwaremsm8996audebian_linuxo90esdx20_firmwareqca9531_firmwarec75-eipq8064c-75sm7150msm8909waccess_pointw-68apq8053_firmwareipq8064_firmwareipq4019_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-26676
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.89%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:47
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.

Action-Not Available
Vendor-n/aIntel CorporationopenSUSEDebian GNU/Linux
Product-connmandebian_linuxleapn/a
CVE-2020-12863
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.10%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 12:52
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.

Action-Not Available
Vendor-sane-projectn/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-ubuntu_linuxsane_backendsdebian_linuxleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12862
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.10%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 12:52
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.

Action-Not Available
Vendor-sane-projectn/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-ubuntu_linuxsane_backendsdebian_linuxleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8921
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.26%
||
7 Day CHG~0.00%
Published-29 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxBlueZ
Product-debian_linuxlinux_kernelbluezn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-12864
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.28%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 12:52
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.

Action-Not Available
Vendor-sane-projectn/aCanonical Ltd.openSUSE
Product-ubuntu_linuxsane_backendsleapn/a
CWE ID-CWE-125
Out-of-bounds Read
Details not found