{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5290", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2024-05-23T21:10:21.160Z", "datePublished": "2024-08-07T08:14:08.153Z", "dateUpdated": "2024-09-18T15:39:53.818Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-641", "descriptions": [{"lang": "en", "value": "CAPEC-641 DLL Side-Loading"}]}], "affected": [{"vendor": "Canonical Ltd.", "product": "wpa_supplicant", "platforms": ["Linux"], "collectionURL": "https://launchpad.net/ubuntu/+source/", "packageName": "wpa", "modules": ["runtime API to load OpenSC module or PKCS11 engine or module"], "programFiles": ["src/crypto/tls_openssl.c"], "versions": [{"status": "affected", "version": "2:2.10-15", "lessThan": "2:2.10-21ubuntu0.1", "versionType": "semver"}, {"status": "affected", "version": "2:2.9.0-21build1", "lessThan": "2:2.10-6ubuntu2.1", "versionType": "semver"}, {"status": "affected", "version": "2:2.9-1ubuntu2", "lessThan": "2:2.9-1ubuntu4.4", "versionType": "semver"}, {"status": "affected", "version": "2.4-0ubuntu10", "lessThan": "2:2.6-15ubuntu2.8+esm1", "versionType": "semver"}, {"status": "affected", "version": "2.4-0ubuntu3", "lessThan": "2.4-0ubuntu6.8+esm1", "versionType": "semver"}, {"status": "affected", "version": "2.1-0ubuntu1", "lessThan": "2.1-0ubuntu1.7+esm5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).\n\n\n\n\nMembership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist."}], "references": [{"url": "https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613"}, {"url": "https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/"}, {"url": "https://ubuntu.com/security/notices/USN-6945-1"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Rory McNamara", "type": "finder"}, {"lang": "en", "value": "Marc Deslauriers", "type": "remediation developer"}, {"lang": "en", "value": "Sudhakar Verma", "type": "remediation developer"}, {"lang": "en", "value": "Mark Esler", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-09-11T15:45:47.115Z"}}, "adp": [{"affected": [{"vendor": "w1.fi", "product": "wpa_supplicant", "cpes": ["cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2:2.10-15", "status": "affected", "lessThan": "2:2.10-21ubuntu0.1", "versionType": "semver"}, {"version": "2:2.9.0-21build1", "status": "affected", "lessThan": "2:2.10-6ubuntu2.1", "versionType": "semver"}, {"version": "2:2.9-1ubuntu2", "status": "affected", "lessThan": "2:2.9-1ubuntu4.4", "versionType": "semver"}, {"version": "2.4-0ubuntu10", "status": "affected", "lessThan": "2:2.6-15ubuntu2.8+esm1", "versionType": "semver"}, {"version": "2.4-0ubuntu3", "status": "affected", "lessThan": "2.4-0ubuntu6.8+esm1", "versionType": "semver"}, {"version": "2.1-0ubuntu1", "status": "affected", "lessThan": "2.1-0ubuntu1.7+esm5", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T15:37:32.036314Z", "id": "CVE-2024-5290", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T15:39:53.818Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5290", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-18T15:37:32.036314Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*"], "vendor": "w1.fi", "product": "wpa_supplicant", "versions": [{"status": "affected", "version": "2:2.10-15", "lessThan": "2:2.10-21ubuntu0.1", "versionType": "semver"}, {"status": "affected", "version": "2:2.9.0-21build1", "lessThan": "2:2.10-6ubuntu2.1", "versionType": "semver"}, {"status": "affected", "version": "2:2.9-1ubuntu2", "lessThan": "2:2.9-1ubuntu4.4", "versionType": "semver"}, {"status": "affected", "version": "2.4-0ubuntu10", "lessThan": "2:2.6-15ubuntu2.8+esm1", "versionType": "semver"}, {"status": "affected", "version": "2.4-0ubuntu3", "lessThan": "2.4-0ubuntu6.8+esm1", "versionType": "semver"}, {"status": "affected", "version": "2.1-0ubuntu1", "lessThan": "2.1-0ubuntu1.7+esm5", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-07T14:04:34.876Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Rory McNamara"}, {"lang": "en", "type": "remediation developer", "value": "Marc Deslauriers"}, {"lang": "en", "type": "remediation developer", "value": "Sudhakar Verma"}, {"lang": "en", "type": "coordinator", "value": "Mark Esler"}], "impacts": [{"capecId": "CAPEC-641", "descriptions": [{"lang": "en", "value": "CAPEC-641 DLL Side-Loading"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Canonical Ltd.", "modules": ["runtime API to load OpenSC module or PKCS11 engine or module"], "product": "wpa_supplicant", "versions": [{"status": "affected", "version": "2:2.10-15", "lessThan": "2:2.10-21ubuntu0.1", "versionType": "semver"}, {"status": "affected", "version": "2:2.9.0-21build1", "lessThan": "2:2.10-6ubuntu2.1", "versionType": "semver"}, {"status": "affected", "version": "2:2.9-1ubuntu2", "lessThan": "2:2.9-1ubuntu4.4", "versionType": "semver"}, {"status": "affected", "version": "2.4-0ubuntu10", "lessThan": "2:2.6-15ubuntu2.8+esm1", "versionType": "semver"}, {"status": "affected", "version": "2.4-0ubuntu3", "lessThan": "2.4-0ubuntu6.8+esm1", "versionType": "semver"}, {"status": "affected", "version": "2.1-0ubuntu1", "lessThan": "2.1-0ubuntu1.7+esm5", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "wpa", "programFiles": ["src/crypto/tls_openssl.c"], "collectionURL": "https://launchpad.net/ubuntu/+source/", "defaultStatus": "unaffected"}], "references": [{"url": "https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613"}, {"url": "https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/"}, {"url": "https://ubuntu.com/security/notices/USN-6945-1"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).\n\n\n\n\nMembership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-09-11T15:45:47.115Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5290", "state": "PUBLISHED", "dateUpdated": "2024-09-18T15:39:53.818Z", "dateReserved": "2024-05-23T21:10:21.160Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2024-08-07T08:14:08.153Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:-:*:*:*:*:*:*:*", "matchCriteriaId": "D862C3D1-8821-4C5C-89A4-0C52CEC668CF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "019A2188-0877-45DE-8512-F0BF70DD179C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).\n\n\n\n\nMembership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Ubuntu wpa_supplicant que result\u00f3 en la carga de objetos compartidos arbitrarios, lo que permite a un atacante local sin privilegios escalar privilegios al usuario con el que se ejecuta wpa_supplicant (generalmente root). La membres\u00eda en el grupo netdev o el acceso a la interfaz dbus de wpa_supplicant permiten a un usuario sin privilegios especificar una ruta arbitraria a un m\u00f3dulo que el proceso wpa_supplicant cargar\u00e1; podr\u00edan existir otras v\u00edas de escalada."}], "id": "CVE-2024-5290", "lastModified": "2024-09-17T13:09:13.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2024-08-07T09:16:05.553", "references": [{"source": "security@ubuntu.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "https://ubuntu.com/security/notices/USN-6945-1"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{"bugzilla": {"description": "wpa_supplicant: wpa_supplicant loading arbitrary shared objects allowing privilege escalation", "id": "2303402", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303402"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-427", "details": ["An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).\nMembership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.", "A vulnerability was found in the wpa_supplicant package. This flaw allows a local unprivileged user who is part of the netdev group to achieve privilege escalation to the same user running wpa_supplicant (typically root)."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-5290", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-5290\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5290\nhttps://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613\nhttps://ubuntu.com/security/notices/USN-6945-1"], "statement": "This vulnerability requires a specific configuration to be present on the local system running the vulnerable version of the wpa_supplicant binary; specifically, the local unprivileged user must be part of the netdev group. As such, Red Hat considers this to be a moderate vulnerability and not an important one, per our CVE classification policy.", "threat_severity": "Moderate"}