SB2019121606 - Multiple vulnerabilities in W1.fi hostapd

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Expected behavior violation (CVE-ID: CVE-2019-5062)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the 802.11w security state handling connected clients with valid 802.11w sessions. A remote attacker on the local network can simulate an incomplete new association, trigger a deauthentication against stations using 802.11w and cause a denial of service condition on the target system.

Note: This vulnerability affects hostapd on a Raspberry Pi.

2) Expected behavior violation (CVE-ID: CVE-2019-5061)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an Authentication and AssociationRequest packet is sent before the station has successfully authenticated. A remote attacker on the local network can iterate through a large set of unique MAC addresses to trigger DoS attacks within the upstream network infrastructure.

This can lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure.

Note: This vulnerability affects hostapd Ubiquiti AP-AC-Pro firmware 4.0.10.9653

Remediation

Install update from vendor's website.

References

• https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850
• https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849