CVE-2018-14526 - An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain condition

CVE-2018-14526

Summary

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

References

Vulnerable Configurations

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.0-16:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.0-16:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*

CVSS

Base:	3.3 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-924

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:A/AC:L/Au:N/C:P/I:N/A:N

redhat via4

advisories

bugzilla

id	1614520
title	CVE-2018-14526 wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027
comment wpa_supplicant is earlier than 1:2.6-12.el7
oval oval:com.redhat.rhsa:tst:20183107001
comment wpa_supplicant is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141956002

rhsa

id	RHSA-2018:3107
released	2018-10-30
severity	Moderate
title	RHSA-2018:3107: wpa_supplicant security and bug fix update (Moderate)

rpms

wpa_supplicant-1:2.6-12.el7
wpa_supplicant-debuginfo-1:2.6-12.el7

refmap via4

confirm	https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf
freebsd	FreeBSD-SA-18:11
misc	https://papers.mathyvanhoef.com/woot2018.pdf https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt https://www.us-cert.gov/ics/advisories/icsa-19-344-01
mlist	[debian-lts-announce] 20180809 [SECURITY] [DLA 1462-1] wpa security update
sectrack	1041438
suse	openSUSE-SU-2019:1345
ubuntu	USN-3745-1

Last major update

03-10-2019 - 00:03

Published

08-08-2018 - 19:29

Last modified

03-10-2019 - 00:03