1. Home
  2. Vulnerabilities
  3. CVE-2019-5108

CVE-2019-5108

CVSS v3.1 6.5 (Medium)
65% Progress
CVSS v2.0 3.3 (Low)
33% Progress
EPSS 0.12 % (47th)
0.12% Progress
Affected Products 21
Advisories 17
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.

Weaknesses
CWE-287
Improper Authentication
CWE-440
Expected Behavior Violation
CVE Status
PUBLISHED
CNA
Talos
Published Date
2019-12-23 19:15:11
(4 years ago)
Updated Date
2022-06-17 13:18:09
(2 years ago)

Affected Products

Canonical

Debian

Linux

Netapp

Oracle

Configuration #1

AND
    CPE23 From Up To
OR  
  Linux Kernel prior 5.3 version cpe:2.3:o:linux:linux_kernel < 5.3

Configuration #2

AND
    CPE23 From Up To
OR  
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0
OR  
  Running on/with
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0

Configuration #3

AND
    CPE23 From Up To
OR  
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm
OR  
  Running on/with
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm
OR  
  Running on/with
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts

Configuration #4

AND
    CPE23 From Up To
OR  
  Netapp Active Iq Unified Manager for Vmware Vsphere cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere
OR  
  Running on/with
  Netapp Cloud Backup cpe:2.3:a:netapp:cloud_backup:-
OR  
  Running on/with
  Netapp Data Availability Services cpe:2.3:a:netapp:data_availability_services:-
OR  
  Running on/with
  Netapp E-series Santricity Os Controller from 11.0.0 version and 11.70.1 and prior versions cpe:2.3:a:netapp:e-series_santricity_os_controller >= 11.0.0 <= 11.70.1
OR  
  Running on/with
  Netapp Hci Management Node cpe:2.3:a:netapp:hci_management_node:-
OR  
  Running on/with
  Netapp Solidfire cpe:2.3:a:netapp:solidfire:-
OR  
  Running on/with
  Netapp Steelstore Cloud Integrated Storage cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-

Configuration #5

AND
    CPE23 From Up To
OR  
  Netapp A700s Firmware cpe:2.3:o:netapp:a700s_firmware:-
OR  
  Running on/with
  Netapp A700s cpe:2.3:h:netapp:a700s:-

Configuration #6

AND
    CPE23 From Up To
OR  
  Netapp H610s Firmware cpe:2.3:o:netapp:h610s_firmware:-
OR  
  Running on/with
  Netapp H610s cpe:2.3:h:netapp:h610s:-

Configuration #7

AND
    CPE23 From Up To
OR  
  Netapp 8300 Firmware cpe:2.3:o:netapp:8300_firmware:-
OR  
  Running on/with
  Netapp 8300 cpe:2.3:h:netapp:8300:-

Configuration #8

AND
    CPE23 From Up To
OR  
  Netapp 8700 Firmware cpe:2.3:o:netapp:8700_firmware:-
OR  
  Running on/with
  Netapp 8700 cpe:2.3:h:netapp:8700:-

Configuration #9

AND
    CPE23 From Up To
OR  
  Netapp A400 Firmware cpe:2.3:o:netapp:a400_firmware:-
OR  
  Running on/with
  Netapp A400 cpe:2.3:h:netapp:a400:-

Configuration #10

AND
    CPE23 From Up To
OR  
  Oracle Sd-wan Edge 8.2 cpe:2.3:a:oracle:sd-wan_edge:8.2