CVE-2023-52161

The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.
Configurations

Configuration 1 (hide)

cpe:2.3:a:intel:inet_wireless_daemon:*:*:*:*:*:*:*:*

History

23 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYRPQ3OLV3GGLUCDYWBHU34DLBLM62XJ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOQ6VEE3CPJAQLMMGMLCYDGWHVG7UCJI/ -

16 Mar 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KSGT4IZ23CJBOQA3AFYEMBJ5OHFZBMK/ -

08 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TL2CFNWBL2E6AT2SIY2PR3IAWVCDYJZQ/ -

08 Mar 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTPXEPTMASG37NDGAQMH2OTM6OPIP5A/ -

04 Mar 2024, 22:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca - () https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca - Patch
References () https://iwd.wiki.kernel.org/ - () https://iwd.wiki.kernel.org/ - Product
References () https://www.top10vpn.com/research/wifi-vulnerabilities/ - () https://www.top10vpn.com/research/wifi-vulnerabilities/ - Third Party Advisory
CPE cpe:2.3:a:intel:inet_wireless_daemon:*:*:*:*:*:*:*:*
CWE CWE-287
First Time Intel
Intel inet Wireless Daemon

22 Feb 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-22 17:15

Updated : 2024-08-29 20:35


NVD link : CVE-2023-52161

Mitre link : CVE-2023-52161

CVE.ORG link : CVE-2023-52161


JSON object : View

Products Affected

intel

  • inet_wireless_daemon
CWE
CWE-287

Improper Authentication