Description
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Canonical Ltd. / wpa_supplicant2:2.10-15 – 2:2.10-21ubuntu0.1
- Canonical Ltd. / wpa_supplicant2:2.9.0-21build1 – 2:2.10-6ubuntu2.1
- Canonical Ltd. / wpa_supplicant2:2.9-1ubuntu2 – 2:2.9-1ubuntu4.4
- Canonical Ltd. / wpa_supplicant2.4-0ubuntu10 – 2:2.6-15ubuntu2.8+esm1
- Canonical Ltd. / wpa_supplicant2.4-0ubuntu3 – 2.4-0ubuntu6.8+esm1
- Canonical Ltd. / wpa_supplicant2.1-0ubuntu1 – 2.1-0ubuntu1.7+esm5