Man-in-the-Middle Vulnerability in wpa_supplicant by The Open Group
CVE-2015-0210

5.9MEDIUM

Key Information:

Vendor: W1.fi
Status: WPa Supplicant
Vendor: CVE Published:; 28 August 2017

What is CVE-2015-0210?

The wpa_supplicant component version 2.0-16 fails to properly validate the subject name in certificates, which can allow remote attackers to execute man-in-the-middle attacks. This weakness enables unauthorized interception and alteration of communications, potentially exposing sensitive user data.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1178263

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1178921

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2017
Vulnerability Reserved
Nov 18, 2014

CVE-2015-0210 Data

JSON

W1.fi

What is CVE-2015-0210?

References

CVSS V3.1

Timeline