[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2020-24586Date: (C)2021-05-13   (M)2024-06-14


The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 3.5CVSS Score : 2.9
Exploit Score: 2.1Exploit Score: 5.5
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: ADJACENT_NETWORKAccess Vector: ADJACENT_NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: LOWAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
http://www.openwall.com/lists/oss-security/2021/05/11/12
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
https://www.fragattacks.com
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html

OVAL    37
oval:org.secpod.oval:def:706067
oval:org.secpod.oval:def:74538
oval:org.secpod.oval:def:74536
oval:org.secpod.oval:def:74537
...

© SecPod Technologies