#VU832 Denial of service


Published: 2016-10-08 | Updated: 2016-10-11

Vulnerability identifier: #VU832

Vulnerability risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4476

CWE-ID: CWE-88

Exploitation vector: Local network

Exploit availability: No

Description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to improper handling of the WPA/WPA2 passphrase parameter when the configuration file is updated. If the parameter is updated through a WPS operation or local configuration, the resulting configuration file disrupts hostapd and wpa_supplicant functionality.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
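
The following is an added example, not code from hostapd, wpa_supplicant or this advisory. It shows a defensive check for the weakness described above: validate the passphrase before it is written, and audit an existing key=value file for damage. The public CVE-2016-4476 description attributes the issue to \n and \r characters not being rejected in passphrase parameters; `wpa_passphrase` is hostapd's configuration key, while the function names and sample files are assumptions made for illustration.

```python
import re

KEY_VALUE = re.compile(r"^[A-Za-z0-9_]+=")

def passphrase_is_safe(value):
    """WPA/WPA2 passphrases are 8..63 printable ASCII characters."""
    return 8 <= len(value) <= 63 and all(0x20 <= ord(c) <= 0x7E for c in value)

def render_passphrase_line(value):
    """Build the config line, refusing values that would break the file."""
    if not passphrase_is_safe(value):
        raise ValueError("passphrase rejected: bad length or non-printable character")
    return "wpa_passphrase=" + value + "\n"

def audit_config(text):
    """Return (line_number, reason) findings for a key=value config file."""
    findings = []
    for number, line in enumerate(text.split("\n"), start=1):
        if "\r" in line:
            findings.append((number, "carriage return inside line"))
            line = line.replace("\r", "")
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are fine
        if not KEY_VALUE.match(line):
            findings.append((number, "not a key=value line"))
        elif line.startswith("wpa_passphrase=") and not passphrase_is_safe(
            line.split("=", 1)[1]
        ):
            findings.append((number, "wpa_passphrase fails length/charset check"))
    return findings

# Constructed sample: line 3 is the kind of stray text an unvalidated
# multi-line value leaves behind; line 2 is then too short to be valid.
SAMPLE_BROKEN = "ssid=example-net\nwpa_passphrase=abc\nleftover text\nwpa=2\n"

# Constructed sample written through the validating helper.
SAMPLE_GOOD = (
    "ssid=example-net\n" + render_passphrase_line("correct horse battery") + "wpa=2\n"
)

if __name__ == "__main__":
    print(audit_config(SAMPLE_BROKEN))
    print(audit_config(SAMPLE_GOOD))
```

Running the audit against a daemon's configuration after any WPS or management-interface change flags a damaged file before the next restart fails on it.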

Mitigation
Update to version 1:2.6-1.

External links
http://access.redhat.com/security/cve/CVE-2016-4476


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

