CVE-2022-37660

In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://link.springer.com/article/10.1007/s10207-025-00988-3	Third Party Advisory
https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4	Patch
https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*

History

03 Nov 2025, 20:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html -

Information

Published : 2025-02-11 23:15

Updated : 2025-11-03 20:15

NVD link : CVE-2022-37660

Mitre link : CVE-2022-37660

CVE.ORG link : CVE-2022-37660

JSON object : View

Products Affected

w1.fi

hostapd

CWE

CWE-323

Reusing a Nonce, Key Pair in Encryption

{"id": "CVE-2022-37660", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-02-11T23:15:08.140", "references": [{"url": "https://link.springer.com/article/10.1007/s10207-025-00988-3", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00019.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-323"}]}], "descriptions": [{"lang": "en", "value": "In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association."}, {"lang": "es", "value": "En hostapd 2.10 y versiones anteriores, el c\u00f3digo PKEX permanece activo incluso despu\u00e9s de una asociaci\u00f3n PKEX exitosa. Un atacante que haya iniciado con \u00e9xito claves p\u00fablicas con otra entidad que usa PKEX en el pasado, podr\u00e1 subvertir una futura iniciaci\u00f3n observando pasivamente las claves p\u00fablicas, reutilizando el elemento de cifrado Qi y rest\u00e1ndolo del mensaje capturado M (X = M - Qi). Esto dar\u00e1 como resultado la clave p\u00fablica ef\u00edmera X; el \u00fanico elemento necesario para subvertir la asociaci\u00f3n PKEX."}], "lastModified": "2025-11-03T20:15:55.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F8C7AC9-6C6F-4BCE-B72D-5D3E03D32795", "versionEndIncluding": "2.10"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}