/

CVE-2023-52161 Report - Details, Severity, & Advisorie...

CVE-2023-52161 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2023-52161?

CVE-2023-52161 is a high-severity vulnerability affecting the Access Point functionality in iNet wireless daemon (IWD) before version 2.14. This vulnerability allows attackers to gain unauthorized access to protected Wi-Fi networks by exploiting a weakness in the EAPOL handshake process. Systems running IWD before version 2.14, particularly Linux systems, are at risk.

Who is impacted by this?

CVE-2023-52161 affects users of the Access Point functionality in iNet wireless daemon (IWD) before version 2.14, particularly those using Linux systems. This vulnerability allows attackers to gain unauthorized access to protected Wi-Fi networks. If you're using IWD versions up to, but not including, 2.14, your system may be at risk.

What to do if CVE-2023-52161 affected you

If you're affected by the CVE-2023-52161 vulnerability, it's important to take action to secure your system. To do this, follow these steps:

  1. Update your iNet wireless daemon (IWD) to version 2.14 or later.

  2. If you're using Fedora 39, update to the iwd-2.16-1.fc39 package.

  3. For users of the wireless/iwd.git repository, ensure you have the commit that adds a check for message 2 in the 4-way handshake process.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-52161 is not listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, affecting iNet wireless daemon (IWD) before version 2.14, allows attackers to gain unauthorized access to protected Wi-Fi networks. To address this issue, users should update their IWD to version 2.14 or later, apply the necessary patch, and follow the recommended steps to secure their systems.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-287, which involves improper authentication in the iNet wireless daemon (IWD) before version 2.14.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2023-52161 Report - Details, Severity, & Advisorie...

CVE-2023-52161 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2023-52161?

CVE-2023-52161 is a high-severity vulnerability affecting the Access Point functionality in iNet wireless daemon (IWD) before version 2.14. This vulnerability allows attackers to gain unauthorized access to protected Wi-Fi networks by exploiting a weakness in the EAPOL handshake process. Systems running IWD before version 2.14, particularly Linux systems, are at risk.

Who is impacted by this?

CVE-2023-52161 affects users of the Access Point functionality in iNet wireless daemon (IWD) before version 2.14, particularly those using Linux systems. This vulnerability allows attackers to gain unauthorized access to protected Wi-Fi networks. If you're using IWD versions up to, but not including, 2.14, your system may be at risk.

What to do if CVE-2023-52161 affected you

If you're affected by the CVE-2023-52161 vulnerability, it's important to take action to secure your system. To do this, follow these steps:

  1. Update your iNet wireless daemon (IWD) to version 2.14 or later.

  2. If you're using Fedora 39, update to the iwd-2.16-1.fc39 package.

  3. For users of the wireless/iwd.git repository, ensure you have the commit that adds a check for message 2 in the 4-way handshake process.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-52161 is not listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, affecting iNet wireless daemon (IWD) before version 2.14, allows attackers to gain unauthorized access to protected Wi-Fi networks. To address this issue, users should update their IWD to version 2.14 or later, apply the necessary patch, and follow the recommended steps to secure their systems.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-287, which involves improper authentication in the iNet wireless daemon (IWD) before version 2.14.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2023-52161 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2023-52161?

CVE-2023-52161 is a high-severity vulnerability affecting the Access Point functionality in iNet wireless daemon (IWD) before version 2.14. This vulnerability allows attackers to gain unauthorized access to protected Wi-Fi networks by exploiting a weakness in the EAPOL handshake process. Systems running IWD before version 2.14, particularly Linux systems, are at risk.

Who is impacted by this?

CVE-2023-52161 affects users of the Access Point functionality in iNet wireless daemon (IWD) before version 2.14, particularly those using Linux systems. This vulnerability allows attackers to gain unauthorized access to protected Wi-Fi networks. If you're using IWD versions up to, but not including, 2.14, your system may be at risk.

What to do if CVE-2023-52161 affected you

If you're affected by the CVE-2023-52161 vulnerability, it's important to take action to secure your system. To do this, follow these steps:

  1. Update your iNet wireless daemon (IWD) to version 2.14 or later.

  2. If you're using Fedora 39, update to the iwd-2.16-1.fc39 package.

  3. For users of the wireless/iwd.git repository, ensure you have the commit that adds a check for message 2 in the 4-way handshake process.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-52161 is not listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, affecting iNet wireless daemon (IWD) before version 2.14, allows attackers to gain unauthorized access to protected Wi-Fi networks. To address this issue, users should update their IWD to version 2.14 or later, apply the necessary patch, and follow the recommended steps to secure their systems.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-287, which involves improper authentication in the iNet wireless daemon (IWD) before version 2.14.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.