Support Content Notification - Support Portal

BSA-2019-777

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21446

Last Updated

15 April 2019

Initial Publication Date

15 April 2019

Status

Closed

Severity

Medium

CVSS Base Score

N/A

WorkAround

N/A

Affected CVE

CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499

Summary

Security Advisory ID : BSA-2019-777

Component : WPA3

Revision : 1.0: Final

Multiple vulnerabilities have been identified in WPA3 protocol design and implementations of hostapd and wpa_supplicant, which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain complete authorization. These vulnerabilities have also been referred to as Dragonblood. More at: https://wpa3.mathyvanhoef.com/

CVE-2019-9494: SAE cache attack against ECC groups (SAE side-channel attacks) - CWE-208 and CWE-524
The implementations of SAE in hostapd
and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns.

CVE-2019-9495: EAP-PWD cache attack against ECC groups (EAP-PWD side-channel attack) - CWE-524
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of cache access patterns. Versions of hostapd and wpa_supplicant versions 2.7 and earlier, with EAP-PWD support are vulnerable.

CVE-2019-9496: SAE confirm missing state validation - CWE-642
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable.

CVE-2019-9497: EAP-PWD reflection attack (EAP-PWD missing commit validation) - CWE-301
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit.

CVE-2019-9498: EAP-PWD server missing commit validation for scalar/element - CWE-346
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.

CVE-2019-9499: EAP-PWD peer missing commit validation for scalar/element - CWE-346
The implementations of EAP-PWD in wpa_supplicant
EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.

More information about these vulnerabilities can be found at: https://www.kb.cert.org/vuls/id/871675/

Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.

Revision History

Version	Change	Date
1.0	Initial Publication	April 15, 2019