Home > Vulnerability Database > CVE-2019-5061

Mend.io Vulnerability Database

CVE-2019-5061

Date: December 12, 2019

An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.

Severity Score

6.5

Related Resources (5)

Url: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849

Url: https://security-tracker.debian.org/tracker/CVE-2019-5061

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-5061

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5061

Url: https://www.mend.io/vulnerability-database/CVE-2019-5061

Severity Score

6.5

Weakness Type (CWE)

Authentication Issues

CWE-287

Input Validation

CWE-20

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	3.3
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-5061

Date: December 12, 2019

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?