Denial of service - CVE-2016-4476
Published: October 8, 2016 / Updated: October 11, 2016
Vulnerability identifier: #VU832
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4476
CWE-ID: CWE-88
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to the configuration file being written improperly when the WPA/WPA2 passphrase parameter is updated. If the parameter is updated through a WPS operation or local configuration, the resulting configuration file interrupts the functionality of hostapd and wpa_supplicant.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
How to mitigate CVE-2016-4476
Update to version 1:2.6-1.