#VU101950 Input validation error in IEEE 802.11 - CVE-2023-52424


Vulnerability identifier: #VU101950

Vulnerability risk: Medium

CVSSv4.0: 1.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-52424

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
IEEE 802.11
Other software / Other software solutions

Vendor: IEEE

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to SSID confusion error in the IEEE 802.11 standard. A remote attacker can trick the victim into connecting to unintended or untrusted network with Home WEP, Home WPA3 SAE-loop, Enterprise 802.1X/EAP, Mesh AMPE, or FILS. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IEEE 802.11: All versions

External links
https://mentor.ieee.org/802.11/dcn/24/11-24-0938-03-000m-protect-ssid-in-4-way-handshake.docx
https://www.top10vpn.com/research/wifi-vulnerability-ssid/
https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SSID confusion in IEEE 802.11 standard in Arista Wireless Access Points
Anolis OS update for wpa_supplicant
Fedora 41 update for bluez, iwd, libell
Fedora 40 update for bluez, iwd, libell
Fedora 40 update for hostapd, wpa_supplicant
Fedora 40 update for iwd, libell
Fedora 41 update for iwd, libell
SSID confusion in IEEE 802.11 standard