Expected Behavior Violation

CVE-2019-5062

Medium

6.5/10

Summary

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-440 - Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

References

Advisory Timeline

Published Dec 12, 2019

Expected Behavior Violation

CVE-2019-5062

Summary

CWE-440 - Expected Behavior Violation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS