NS-SA-2025-0087

简介

moderate: wpa_supplicant security update

严重级别

moderate

主题

An update for wpa_supplicant is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

wpa_supplicant:


Security Fix(es):
wpa_supplicant: A flaw was found in wpa_supplicant's implementation of PEAP. This issue may allow an attacker to skip the second phase of authentication when the target device has not been properly configured to verify the authentication server. By skipping the second phase of authentication, it’s easier for an attacker to create a rogue clone of a trusted WiFi network to trick the victim into connecting, all without knowing their password.(CVE-2023-52160)
wpa_supplicant: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.02B7.

影响组件

• wpa_supplicant

影响产品

• CGSL MAIN 7.02

更新包

CVE

• CVE-2023-52160

参考

• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52160