search menu icon-carat-right cmu-wordmark

CERT Coordination Center

WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant

Vulnerability Note VU#871675

Original Release Date: 2019-04-12 | Last Revised: 2019-04-16

Overview

Multiple vulnerabilities have been identified in WPA3 protocol design and implementations of hostapd and wpa_supplicant, which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain complete authorization. These vulnerabilities have also been referred to as Dragonblood.

Description

CERT continues to review the WPA3 protocol in support of this body of research. The root cause of the numerous "implementation" vulnerabilities may involve modifying the protocol.

WPA3 uses Simultaneous Authentication of Equals (SAE), also known as Dragonfly Key Exchange, as the initial key exchange protocol, replacing WPA2's Pre-Shared Key (PSK) protocol. hostapd is a daemon for access point and authentication servers used by WPA3 authentication. wpa_supplicant is a wireless supplicant that implements key negotiation with the WPA Authenticator and supports WPA3. Both of these components, as implemented with Extensible Authentication Protocol Password (EAP-PWD) and SAE, are vulnerable as follows:

CVE-2019-9494: SAE cache attack against ECC groups (SAE side-channel attacks) - CWE-208 and CWE-524
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns.

CVE-2019-9495: EAP-PWD cache attack against ECC groups (EAP-PWD side-channel attack) - CWE-524
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of cache access patterns. Versions of hostapd and wpa_supplicant versions 2.7 and earlier, with EAP-PWD support are vulnerable.

CVE-2019-9496: SAE confirm missing state validation - CWE-642
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable.

CVE-2019-9497: EAP-PWD reflection attack (EAP-PWD missing commit validation) - CWE-301
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit.

CVE-2019-9498: EAP-PWD server missing commit validation for scalar/element - CWE-346
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.

CVE-2019-9499: EAP-PWD peer missing commit validation for scalar/element - CWE-346
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.

Impact

CVE-2019-9494: SAE cache attack against ECC groups (SAE side-channel attacks) - CWE-208 and CWE-524
An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery.

CVE-2019-9495: EAP-PWD cache attack against ECC groups (EAP-PWD side-channel attack) - CWE-524
The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494.

CVE-2019-9496: SAE confirm missing state validation - CWE-642
An attacker may force the hostapd process to terminate, performing a denial of service attack.

CVE-2019-9497: EAP-PWD reflection attack (EAP-PWD missing commit validation) - CWE-301
This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange.

CVE-2019-9498: EAP-PWD server missing commit validation for scalar/element - CWE-346
An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password.

CVE-2019-9499: EAP-PWD peer missing commit validation for scalar/element - CWE-346
An attacker may complete authentication, session key and control of the data connection with a client.

Solution

Upgrade wpa_supplicant and hostapd to version 2.8, when available. Additional mitigation options are listed below.

Check your vendor for mitigation information.

Mitigations are available for
CVE-2019-9494 https://w1.fi/security/2019-1/
CVE-2019-9495 https://w1.fi/security/2019-2/
CVE-2019-9496 https://w1.fi/security/2019-3/
CVE-2019-9497 https://w1.fi/security/2019-4/
CVE-2019-9498 https://w1.fi/security/2019-4/
CVE-2019-9499 https://w1.fi/security/2019-4/

Vendor Information

871675
 
Affected   Unknown   Unaffected

Broadcom

Notified:  March 11, 2019 Updated:  April 01, 2019

Statement Date:   March 29, 2019

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeRADIUS

Notified:  March 29, 2019 Updated:  April 01, 2019

Statement Date:   April 01, 2019

Status

  Affected

Vendor Statement

We have released version 3.0.19 of FreeRADIUS to address this issue. Our full response to this issue is located at https://freeradius.org/security/

    The issues reported here affect only EAP-PWD. All other authentication methods are not affected. We note that EAP-PWD is not enabled in the default installation of the server, so most systems will not be vulnerable.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://freeradius.org/security/

Synology

Notified:  March 11, 2019 Updated:  April 11, 2019

Statement Date:   March 26, 2019

Status

  Affected

Vendor Statement

The mitigation, patched `hostapd` and `wpa_supplicant`, is provided by another vendor but it has not passed the WPA3 certification yet. Therefore, Synology decides to postpone the final fixes for RT2600ac and
MR2200ac until the cert qualification.

Vendor Information

Synology Security Team

Vendor References

https://www.synology.com/security/advisory/Synology_SA_19_16

Addendum

    Greetings,

    Thank you for informing Synology regarding VU#871675 and the supplementary
    OpenSSL vulnerability.

    Synology has confirmed that DiskStation Manager (DSM) [1], Synology Router
    Manager (SRM) [2], including RT1900ac [3], RT2600ac [4] and MR2200ac [5] are not
    affected.
    These products ship OpenSSL version 1.0.2 and wpa_supplicant, but EAP-PWD
    (CONFIG_EAP_PWD) is not enabled and not compiled as well.

    However, the RADIUS Server [6] package is potentially vulnerable. The package
    ships EAP-PWD module but the module is not enabled by default and administrators
    have to enable it manually by editing configuration file.
    Customers can manually remove the module or keep the configuration file default
    as mitigation for the supplementary OpenSSL vulnerability.

    By convention, we will publish a security advisory after public disclosure.

    Reference:
    [1] https://www.synology.com/dsm
    [2] https://www.synology.com/srm
    [3] https://www.synology.com/products/RT1900ac
    [4] https://www.synology.com/products/RT2600ac
    [5] https://www.synology.com/products/MR2200ac
    [6] https://www.synology.com/dsm/packages/RadiusServer


    - Synology Security Team
    (mail #22389)

    If you have feedback, comments, or additional information about this vulnerability, please send us email.

Arista Networks, Inc.

Notified:  March 11, 2019 Updated:  March 15, 2019

Statement Date:   March 13, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AVM GmbH

Notified:  March 11, 2019 Updated:  April 16, 2019

Status

  Not Affected

Vendor Statement

Please find all AVM security notifications here: https://en.avm.de/service/current-security-notifications/

    The FRITZ!Box is not affected by this vulnerability. The recently announced FRITZ!Repeater 3000 is the only AVM product that already supports WPA3. The new WPA3 WiFi standard is not active in the repeater's factory settings.

    AVM has already released an update for the FRITZ!Repeater 3000 as a Lab version, which addresses the points of the current WPA3 vulnerability. AVM also recommends always choosing a really long, strong network password. The password evaluation in FRITZ!OS helps you find a strong password. AVM strongly recommends deploying the provided updates from manufacturers for all wireless clients, for example notebooks, smart TVs or tablets.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://en.avm.de/service/current-security-notifications/

Belden

Notified:  March 11, 2019 Updated:  April 03, 2019

Statement Date:   April 03, 2019

Status

  Not Affected

Vendor Statement

to the WPA3 Vulnerability. The OpenSSL.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlackBerry

Notified:  March 11, 2019 Updated:  March 27, 2019

Statement Date:   March 13, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Brocade Communication Systems

Notified:  March 11, 2019 Updated:  April 12, 2019

Statement Date:   April 10, 2019

Status

  Not Affected

Vendor Statement

Brocade statement related to VU#871675

    Not Affected.

    No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.

    We will provide the link to Brocade Security Advisory once the issue is public.

    Thank you.

    Regards.
    Brocade Security.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cambium Networks

Notified:  March 11, 2019 Updated:  March 18, 2019

Statement Date:   March 11, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies

Notified:  March 11, 2019 Updated:  March 18, 2019

Statement Date:   March 12, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cisco

Notified:  March 11, 2019 Updated:  March 18, 2019

Statement Date:   March 11, 2019

Status

  Not Affected

Vendor Statement

“We are aware of the vulnerabilities and confirmed no Cisco products are impacted. Cisco is engaged with the appropriate groups to address the concerns in future products.”

    .

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CoreOS

Notified:  March 11, 2019 Updated:  March 11, 2019

Statement Date:   March 11, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell

Notified:  March 11, 2019 Updated:  March 27, 2019

Statement Date:   March 26, 2019

Status

  Not Affected

Vendor Statement

Not affected on the SERVER side. Waiting for a response from Microsoft to determine if there are issues with the OS..

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc.

Notified:  March 11, 2019 Updated:  March 18, 2019

Statement Date:   March 18, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Good Day,

We have audit our projects/products globally.

D-Link brand, globally)  has no current shipping product nor internal
infrastructure using the WPA3 feature.

D-Link Systems, Inc. (D-Link US) has elevated this report to D-Link
Corporation (Brand owner)  who has notified all R&D of such issue.

Projects including the WPA3 feature will not release until their is a
solution and/or patch for this WAP3 security vulnerability report.

Regards,
William Brown
CISO IT/Product
D-Link Systems, Inc. (DLS/D-Link US).

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Extreme Networks

Notified:  March 11, 2019 Updated:  April 08, 2019

Statement Date:   April 08, 2019

Status

  Not Affected

Vendor Statement

    Hello,

    We have determined that wireless products from Extreme Networks, Inc. are
    not vulnerable to the WPA3 vulnerabilities described in VU#871675 since we
    don't yet support WPA3. Going forward, once we release WPA3 support, we
    are investigating patches for these vulnerabilities prior to product release.

    Thanks,

    PSIRT Team
    Extreme Networks, Inc.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project

Notified:  March 11, 2019 Updated:  March 18, 2019

Statement Date:   March 16, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F-Secure Corporation

Notified:  March 11, 2019 Updated:  March 15, 2019

Statement Date:   March 13, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HP Inc.

Notified:  March 11, 2019 Updated:  March 26, 2019

Statement Date:   March 26, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HTC

Notified:  March 11, 2019 Updated:  March 20, 2019

Statement Date:   March 19, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Huawei Technologies

Notified:  March 11, 2019 Updated:  March 18, 2019

Statement Date:   March 14, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel

Notified:  March 08, 2019 Updated:  April 12, 2019

Statement Date:   April 09, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks

Notified:  March 11, 2019 Updated:  March 15, 2019

Statement Date:   March 14, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LANCOM Systems GmbH

Notified:  March 11, 2019 Updated:  April 15, 2019

Statement Date:   April 15, 2019

Status

  Not Affected

Vendor Statement

Vendor Statement
LANCOM is aware of the vulnerabilities and confirms that no LANCOM product is affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.lancom-systems.com/service-support/instant-help/general-secur ity-information/

LG Electronics

Notified:  March 11, 2019 Updated:  March 20, 2019

Statement Date:   March 19, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft

Notified:  March 11, 2019 Updated:  April 01, 2019

Statement Date:   April 01, 2019

Status

  Not Affected

Vendor Statement

Microsoft's current products do not support the WPA-3 standard and are not vulnerable to this disclosure.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MikroTik

Notified:  March 11, 2019 Updated:  March 18, 2019

Statement Date:   March 11, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenSSL

Notified:  March 29, 2019 Updated:  April 16, 2019

Statement Date:   April 15, 2019

Status

  Not Affected

Vendor Statement

Not Vulnerable: OpenSSL is not directly vulnerable to these issues. However in
order to provide additional protection to applications that do not correctly
validate elliptic curve points we are backporting commit 1e2012b to OpenSSL
1.0.2 (see
https://github.com/openssl/openssl/pull/8750). It will become
available in the next release of OpenSSL 1.0.2. OpenSSL 1.1.0 and OpenSSL 1.1.1
already have this additional protection.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://github.com/openssl/openssl/pull/8750

Openwall GNU/*/Linux

Notified:  March 11, 2019 Updated:  March 11, 2019

Statement Date:   March 11, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Palo Alto Networks

Notified:  March 11, 2019 Updated:  March 18, 2019

Statement Date:   March 13, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Pulse Secure

Notified:  March 11, 2019 Updated:  April 12, 2019

Statement Date:   April 11, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

VMware

Notified:  March 11, 2019 Updated:  March 20, 2019

Statement Date:   March 20, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zyxel

Notified:  March 11, 2019 Updated:  March 15, 2019

Statement Date:   March 15, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

A10 Networks

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actelis Networks

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actiontec

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ADATA

Notified:  March 29, 2019 Updated:  March 29, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ADTRAN

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

aep NETWORKS

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aerohive

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AhnLab Inc

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AirWatch

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Akamai Technologies, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel-Lucent Enterprise

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Allied Telesis

Notified:  April 10, 2019 Updated:  April 10, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alpine Linux

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Amazon

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Android Open Source Project

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ANTlabs

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Appgate Network Security

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apple

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arch Linux

Notified:  March 11, 2019 Updated:  March 15, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ARRIS

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aruba Networks

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aspera Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AsusTek Computer Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Atheros Communications Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Barracuda Networks

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belkin, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bell Canada Enterprises

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlueCat Networks, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blue Coat Systems

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blunk Microsystems

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BoringSSL

Notified:  March 29, 2019 Updated:  March 29, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Buffalo Inc

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CA Technologies

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ceragon Networks Inc

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cirpack

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CMX Systems

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Comcast

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Command Software Systems

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Contiki OS

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cradlepoint

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cricket Wireless

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CZ.NIC

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell EMC

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell SecureWorks

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DesktopBSD

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Deutsche Telekom

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Devicescape

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Digi International

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

dnsmasq

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DragonFly BSD Project

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eCosCentric

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eero

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EfficientIP SAS

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ENEA

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Espressif Systems

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

European Registry for Internet Domains

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Express Logic

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fastly

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Force10 Networks

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Brocade

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Geexbox

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GFI Software, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU adns

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU glibc

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Google

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Grandstream

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HardenedBSD

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett Packard Enterprise

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Honeywell

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation (zseries)

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM, INC.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Illumos

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Infoblox

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

InfoExpress, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Inmarsat

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium - DHCP

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Interniche Technologies, inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

INTEROP

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

JH Software

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Joyent

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lancope

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lantronix

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lenovo

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LibreSSL

Notified:  March 29, 2019 Updated:  March 29, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LITE-ON Technology Corporation

Notified:  March 29, 2019 Updated:  March 29, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lynx Software Technologies

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

m0n0wall

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Marconi, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Marvell Semiconductors

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MediaTek

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Medtronic

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Men & Mice

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MetaSwitch

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Metrobility, Inc.

Notified:  March 29, 2019 Updated:  March 29, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microchip Technology

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Micro Focus

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft Vulnerability Research

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Miredo

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mitel Networks, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Motorola, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Muonics, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NAS4Free

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBurner

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Netgear, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NETSCOUT

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmp

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmpj

Notified:  March 29, 2019 Updated:  March 29, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nexenta

Notified:  March 29, 2019 Updated:  March 29, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NIKSUN

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nixu

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NLnet Labs

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nominum

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OleumTech

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OmniTI

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenConnect

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenDNS

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenIndiana

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oracle Corporation

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oryx Embedded

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Paessler

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Pantech North America

Notified:  March 29, 2019 Updated:  March 29, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Peplink

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

pfSense

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Philips Electronics

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PHPIDS

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PowerDNS

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Proxim, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QLogic

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX Software Systems Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quadros Systems

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quagga

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QUALCOMM Incorporated

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quantenna Communications

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverbed Technologies

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Rocket RTOS

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Roku

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ruckus Wireless

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SafeNet

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Mobile

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Semiconductor Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secure64 Software Corporation

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SEIKO EPSON Corp. / Epson America Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sierra Wireless

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SMC Networks, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SmoothWall

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Snort

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SonicWall

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sonos

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sophos, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sourcefire

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TCPWave

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TDS Telecom

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Technicolor

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TippingPoint Technologies Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tizen

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Toshiba Commerce Solutions

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TP-LINK

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TrueOS

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubiquiti Networks

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vertical Networks, Inc.

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

WizNET Technology

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

wolfSSL

Notified:  March 29, 2019 Updated:  March 29, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xiaomi

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xilinx

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zebra Technologies

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zephyr Project

Notified:  March 11, 2019 Updated:  March 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 224 vendors View less vendors


CVSS Metrics

Group Score Vector
Base 7 AV:A/AC:M/Au:S/C:C/I:C/A:P
Temporal 7 E:ND/RL:ND/RC:C
Environmental 7.0 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Mathy Vanhoef(NYUAD)and Eyal Ronen(Tel Aviv University&KU Leuven)for reporting this vulnerability; Jouni Malinen for patches,and Kevin Robinson for support from Wi-Fi Alliance.

This document was written by Laurie Tyzenhaus and Madison Oliver.

Other Information

CVE IDs: CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
Date Public: 2019-04-10
Date First Published: 2019-04-12
Date Last Updated: 2019-04-16 11:28 UTC
Document Revision: 79

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.