Fluid Attacks Database

Description

A flaw was found in the IEEE 802.11 standard. This vulnerability possibly allows an adversary to trick a victim into connecting to an unintended or untrusted network because the SSID is not always used to derive the pairwise master key or session keys and because there is not a protected exchange of an SSID during a 4-way handshake.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package
rpm rhel6	NetworkManager
rpm rhel8	hostapd
rpm rhel9	hostapd
rpm rhel7	linux-firmware
rpm rhel8	linux-firmware
rpm rhel9	linux-firmware
rpm rhel6	wpa_supplicant
rpm rhel7	wpa_supplicant
rpm rhel8	wpa_supplicant
rpm rhel9	wpa_supplicant

Aliases

1. CVE-2023-524242. NVD-2023-524243. OSV-2023-52424

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.