CVE-2022-37660
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2022-37660 is a vulnerability affecting hostapd versions 2.10 and earlier. The issue lies in the PKEX code, which remains active even after a successful PKEX association. An attacker who has previously bootstrapped public keys with another entity using PKEX can subvert future associations by passively observing public keys and calculating the public ephemeral key X. This is accomplished by re-using the encrypting element Qi and subtracting it from the captured message M. Successful exploitation of this vulnerability allows the attacker to subvert the PKEX association.
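The relation the summary relies on, M = X + Qi, worked through on a toy curve as an added example (not hostapd code): because Qi depends only on the long-lived PKEX code, a party that learned the code in an earlier exchange can unmask the fresh ephemeral key X from any later M. The curve parameters, the stand-in for the fixed element Pi, and the hash-based derivation of Qi are simplified assumptions made for this illustration.

```python
import hashlib

# Toy curve y^2 = x^3 + 2x + 3 over GF(97): constructed, far too small for real use.
P, A = 97, 2
G = (3, 6)  # base point: 6^2 = 3^3 + 2*3 + 3 (mod 97)

def add(p1, p2):
    """Elliptic-curve point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

PI = mul(7, G)  # constructed stand-in for the fixed initiator element Pi

def encrypting_element(code):
    """Qi depends only on the long-lived code (simplified, assumed derivation)."""
    h = int.from_bytes(hashlib.sha256(code).digest(), "big")
    return mul(h, PI)

def pkex_commit(code, x_priv):
    """Initiator: fresh ephemeral X = x*G, transmitted masked as M = X + Qi."""
    X = mul(x_priv, G)
    return X, add(X, encrypting_element(code))

def unmask(M, code):
    """X = M - Qi: computable by any party that already knows the code."""
    return add(M, neg(encrypting_element(code)))
```

Two calls to `pkex_commit` with the same code and different ephemeral scalars produce different M values, yet `unmask` returns the matching X for each, which is why a code that stays valid after a completed exchange no longer protects later ones.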
Affected Products
- Host Access Point Daemon
Affected Vendors
- Hostapd