How severe is CVE-2019-9498?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2019-9498?

This is classified as CWE-346, which is a common weakness in software security.

CVE-2019-9498 - HIGH Severity | CVSS 8.1

Vulnerability Description

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Related Vulnerabilities

CVE-2018-4319

HIGH

CVSS:8.1(High)

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for ...

CWE-3462018

CVE-2019-20329

HIGH

CVSS:8.1(High)

OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000.

CWE-3462019

CVE-2019-9499

HIGH

CVSS:8.1(High)

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pw...

CWE-3462019

CVE-2020-8818

HIGH

CVSS:8.1(High)

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an...

CWE-3462020

CVE-2020-8819

HIGH

CVSS:8.1(High)

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacke...

CWE-3462020

CVE-2021-27197

HIGH

CVSS:8.1(High)

DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a mal...

CWE-3462021