Vulnerabilities > CVE-2019-12586 - Unspecified vulnerability in Espressif Arduino-Esp32, Esp-Idf and Esp8266 Nonos SDK

CVSS 3.3 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

low complexity

espressif

NVD

Published: 2019-09-04

Updated: 2020-08-24

Summary

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

Vulnerable Configurations

Part	Description	Count
Application	Espressif Espressif Arduino Esp32 - Espressif Arduino Esp32 1.0.0 Espressif Arduino Esp32 1.0.1 Espressif Arduino Esp32 1.0.2 Espressif Arduino Esp32 1.0.3 Espressif ESP IDF 2.0.0 Espressif ESP IDF 2.1 Espressif ESP IDF 2.1.1 Espressif ESP IDF 3.0 Espressif ESP IDF 3.0.1 Espressif ESP IDF 3.0.2 Espressif ESP IDF 3.0.3 Espressif ESP IDF 3.0.4 Espressif ESP IDF 3.0.5 Espressif ESP IDF 3.0.6 Espressif ESP IDF 3.0.7 Espressif ESP IDF 3.0.8 Espressif ESP IDF 3.0.9 Espressif ESP IDF 3.1 Espressif ESP IDF 3.1.1 Espressif ESP IDF 3.1.2 Espressif ESP IDF 3.1.3 Espressif ESP IDF 3.1.4 Espressif ESP IDF 3.1.5 Espressif ESP IDF 3.1.6 Espressif ESP IDF 3.2 Espressif ESP IDF 3.2.1 Espressif ESP IDF 3.2.2 Espressif ESP IDF 3.2.3 Espressif ESP IDF 3.3 Espressif ESP IDF 3.3.1 Espressif ESP IDF 4.0 Espressif ESP IDF 4.0.0 Espressif Esp8266 Nonos SDK 2.2.0 Espressif Esp8266 Nonos SDK 2.2.1 Espressif Esp8266 Nonos SDK 3.0 Espressif Esp8266 Nonos SDK 3.0.0	68

Summary

Vulnerable Configurations

References