CVE-2023-52160
Publication date 22 February 2024
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
Status
Package | Ubuntu Release | Status |
---|---|---|
wpa | 24.04 LTS noble |
Vulnerable, fix deferred
|
22.04 LTS jammy |
Vulnerable, fix deferred
|
|
20.04 LTS focal |
Vulnerable, fix deferred
|
|
18.04 LTS bionic |
Vulnerable, fix deferred
|
|
16.04 LTS xenial |
Vulnerable, fix deferred
|
|
14.04 LTS trusty |
Vulnerable, fix deferred
|
Notes
mdeslaur
Commit listed in this CVE is only a workaround for certain unrelated scenarios, as upstream claims the real issue here is misconfiguration and external components that generate bad configurations that don't follow the documentation. See the following: http://lists.infradead.org/pipermail/hostap/2024-February/042362.html http://lists.infradead.org/pipermail/hostap/2024-February/042364.html Marking wpa in this CVE as deferred as there is no fix available. Front-end components that generate bad configuration files should be added to this CVE if any are discovered.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 · Medium |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |