CVE-2020-24586 LOW

Published: 2021-05-11 | Last Modified: 2024-11-21 | Status: Modified

Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Additional Descriptions (1)

El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que los fragmentos recibidos se borren de la memoria después de (re)conectarse a una red. En las circunstancias adecuadas, cuando otro dispositivo envía tramas fragmentadas cifradas mediante WEP, CCMP o GCMP, se puede abusar de esto para inyectar paquetes de red arbitrarios y/o exfiltrar datos del usuario

CVSS Metrics

Base Score: 3.5 (LOW)

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector	ADJACENT_NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	REQUIRED
Scope	UNCHANGED
Confidentiality Impact	LOW
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 2.1

Impact Score: 1.4

Base Score: 2.9 (LOW)

AV:A/AC:M/Au:N/C:P/I:N/A:N

Access Vector	ADJACENT_NETWORK
Access Complexity	MEDIUM
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 5.5

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en NVD-CWE-Other

Affected Products

Vendor	Product	Version	Update	Type
ieee	ieee_802.11	*	<built-in method update of dict object at 0x72a9cc60c5c0>	Application
debian	debian_linux	9.0	<built-in method update of dict object at 0x72a9b0736fc0>	Operating System
linux	mac80211	-	<built-in method update of dict object at 0x72a9cd07bd40>	Application
arista	c-250_firmware	*	<built-in method update of dict object at 0x72a9cdf33480>	Operating System
arista	c-260_firmware	*	<built-in method update of dict object at 0x72a9cd07b980>	Operating System
arista	c-230_firmware	*	<built-in method update of dict object at 0x72a9cd07b100>	Operating System
arista	c-235_firmware	*	<built-in method update of dict object at 0x72a9cc60c1c0>	Operating System
arista	c-200_firmware	*	<built-in method update of dict object at 0x72a9cd079600>	Operating System
intel	ax210_firmware	*	<built-in method update of dict object at 0x72a9cd0c08c0>	Operating System
intel	ax201_firmware	*	<built-in method update of dict object at 0x72a9cd07b580>	Operating System
intel	ax200_firmware	*	<built-in method update of dict object at 0x72a9cc5571c0>	Operating System
intel	ac_9560_firmware	*	<built-in method update of dict object at 0x72a9cd0c22c0>	Operating System
intel	ac_9462_firmware	*	<built-in method update of dict object at 0x72a9cc556200>	Operating System
intel	ac_9461_firmware	*	<built-in method update of dict object at 0x72a9cc60de80>	Operating System
intel	ac_9260_firmware	*	<built-in method update of dict object at 0x72a9b0c3d140>	Operating System
intel	ac_8265_firmware	*	<built-in method update of dict object at 0x72a9cd0c0940>	Operating System
intel	ac_8260_firmware	*	<built-in method update of dict object at 0x72a9b0736840>	Operating System
intel	ac_3168_firmware	*	<built-in method update of dict object at 0x72a9cd0c20c0>	Operating System
intel	ac_7265_firmware	*	<built-in method update of dict object at 0x72a9cd079640>	Operating System
intel	ac_3165_firmware	*	<built-in method update of dict object at 0x72a9cd0791c0>	Operating System
intel	ax1675_firmware	-	<built-in method update of dict object at 0x72a9cc556bc0>	Operating System
intel	ax1650_firmware	-	<built-in method update of dict object at 0x72a9cc46f340>	Operating System
intel	ac_1550_firmware	-	<built-in method update of dict object at 0x72a9cd0c0180>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b0736740>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9cc46d340>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9cc60df00>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b0735b40>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9cd07bb40>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9cc46dec0>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9cc60ea80>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:ieee:ieee_802.11::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:debian:debian_linux:9.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:linux:mac80211:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:arista:c-250_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:arista:c-250:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:arista:c-260_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:arista:c-260:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:arista:c-230_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:arista:c-230:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:arista:c-235_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:arista:c-235:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:arista:c-200_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:arista:c-200:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ax210_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ax210:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ax201_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ax201:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ax200_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ax200:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ac_9560_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ac_9560:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ac_9462_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ac_9462:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ac_9461_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ac_9461:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ac_9260_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ac_9260:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ac_8265_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ac_8265:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ac_8260_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ac_8260:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ac_3168_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ac_3168:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ac_7265_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ac_7265:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ac_3165_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ac_3165:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ax1675_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ax1675:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ax1650_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ax1650:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:intel:ac_1550_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:intel:ac_1550:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`

References

http://www.openwall.com/lists/oss-security/2021/05/11/12
Source: [email protected]

Mailing List Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
Source: [email protected]

Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Source: [email protected]

Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Source: [email protected]

Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
Source: [email protected]
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
Source: [email protected]

Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
Source: [email protected]

Third Party Advisory
https://www.fragattacks.com
Source: [email protected]

Exploit Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
Source: [email protected]

Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/11/12
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.fragattacks.com
Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory