How severe is CVE-2019-9495?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2019-9495?

This is classified as CWE-524, which is a common weakness in software security.

CVE-2019-9495 - LOW Severity | CVSS 3.7

Vulnerability Description

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Related Vulnerabilities

CVE-2019-11244

LOW

CVSS:3.3(Low)

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If...

CWE-5242019

CVE-2023-37516

LOW

CVSS:3.2(Low)

Missing "no cache" headers in HCL Leap permits user directory information to be cached.

CWE-5242023

CVE-2023-37517

LOW

CVSS:3.2(Low)

Missing "no cache" headers in HCL Leap permits sensitive data to be cached.

CWE-5242023

CVE-2024-30127

LOW

CVSS:3.2(Low)

Missing "no cache" headers in HCL Leap permits sensitive data to be cached.

CWE-5242024

CVE-2019-14997

MEDIUM

CVSS:4.3(Medium)

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnera...

CWE-5242019

CVE-2022-3292

MEDIUM

CVSS:4.3(Medium)

Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8.

CWE-5242022