IM
IronMonkey Threat Research

CVE-2022-37660 MEDIUM

Published: 2025-02-11 | Last Modified: 2026-07-14 | Status: Modified

Description

In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association.

Additional Descriptions (1)

En hostapd 2.10 y versiones anteriores, el código PKEX permanece activo incluso después de una asociación PKEX exitosa. Un atacante que haya iniciado con éxito claves públicas con otra entidad que usa PKEX en el pasado, podrá subvertir una futura iniciación observando pasivamente las claves públicas, reutilizando el elemento de cifrado Qi y restándolo del mensaje capturado M (X = M - Qi). Esto dará como resultado la clave pública efímera X; el único elemento necesario para subvertir la asociación PKEX.

CVSS Metrics

Base Score: 6.5 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactLOW
Integrity ImpactLOW
Availability ImpactNONE

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Type: Secondary

Exploitability Score: 3.9

Impact Score: 2.5

Weaknesses

Source Type Description
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-323

Affected Products

Vendor Product Version Update Type
w1.fi hostapd * <built-in method update of dict object at 0x702bde03c0c0> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*
Notification
Message here