Vulnerabilities:
CVE-2023-52160 (wpa_supplicant) and CVE-2023-52161 (Intel’s iNet Wireless Daemon) allow attackers to:
- Trick users into joining fake Wi-Fi networks: Attackers can create malicious clones of legitimate networks and steal user data.
- Gain unauthorized access to secure Wi-Fi networks: Attackers can join password-protected networks without needing the password, putting devices and data at risk.
Affected devices:
- CVE-2023-52160: Android devices using wpa_supplicant versions 2.10 and prior (requires specific configuration).
- CVE-2023-52161: Linux devices using iNet Wireless Daemon versions 2.12 and lower (any network using a Linux access point).
Mitigation:
- Update your Linux distribution and ChromeOS (version 118 or later).
- Android fix not yet available, but manually configure CA certificate for any saved enterprise networks as a temporary workaround.
Exploitation:
- Attacker needs SSID and physical proximity for CVE-2023-52160.
- CVE-2023-52161 requires no special knowledge, affecting any vulnerable network.
Links:
I just verified personally that it was present on unifi devices, since their docs weren’t clear. We are a mostly cisco/aruba shop where I work, but a lot of my colleagues at smaller businesses/universities use radius with unifi access points. I imagine they are vulnerable to this.
You are correct though in assessing that homelab users and very small enterprise users are probably safe.