This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for SAE (Simultaneous Authentication of Equals) nor for EAP-pwd.
This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7 and 8 as they are not compiled with SAE (Simultaneous Authentication of Equals) nor with EAP-pwd enabled. In particular, the CONFIG_SAE=y and CONFIG_EAP_PWD=y options are not set at compile time.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
|CVSS3 Base Score||5.3|
|CVSS3 Base Metrics||CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N|
|Attack Vector||Adjacent Network|
Affected Packages State
|Red Hat Enterprise Linux 8||wpa_supplicant||Not affected|
|Red Hat Enterprise Linux 7||wpa_supplicant||Not affected|
|Red Hat Enterprise Linux 6||wpa_supplicant||Not affected|
|Red Hat Enterprise Linux 5||wpa_supplicant||Not affected|
CVE description copyright © 2017, The MITRE Corporation