CVE-2020-24586
Last modified
CVE-2020-24586 is a low-severity vulnerability rated 3.5/10 on the CVSS scale. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.. EPSS estimates a 5.76% chance of exploitation in the next 30 days.
Description
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ieee | Ieee 802.11 | All versions |
| Debian | Debian Linux | 9.0 |
| Linux | Mac80211 | All versions |
| Arista | C-250 Firmware | < 10.0.1-31 |
| Arista | C-260 Firmware | < 10.0.1-31 |
| Arista | C-230 Firmware | < 10.0.1-31 |
| Arista | C-235 Firmware | < 10.0.1-31 |
| Arista | C-200 Firmware | < 11.0.0-36 |
| Intel | Ax210 Firmware | < 22.30.0.11 |
| Intel | Ax201 Firmware | < 22.30.0.11 |
| Intel | Ax200 Firmware | < 22.30.0.11 |
| Intel | Ac 9560 Firmware | < 22.30.0.11 |
| Intel | Ac 9462 Firmware | < 22.30.0.11 |
| Intel | Ac 9461 Firmware | < 22.30.0.11 |
| Intel | Ac 9260 Firmware | < 22.30.0.11 |
| Intel | Ac 8265 Firmware | < 20.70.21.2 |
| Intel | Ac 8260 Firmware | < 20.70.21.2 |
| Intel | Ac 3168 Firmware | < 19.51.33.1 |
| Intel | Ac 7265 Firmware | < 19.51.33.1 |
| Intel | Ac 3165 Firmware | < 19.51.33.1 |
| Intel | Ax1675 Firmware | All versions |
| Intel | Ax1650 Firmware | All versions |
| Intel | Ac 1550 Firmware | All versions |
| Linux | Linux Kernel | >= 4.4, < 4.4.271 |
| Linux | Linux Kernel | >= 4.9, < 4.9.271 |
| Linux | Linux Kernel | >= 4.14, < 4.14.235 |
| Linux | Linux Kernel | >= 4.19, < 4.19.193 |
| Linux | Linux Kernel | >= 5.4, < 5.4.124 |
| Linux | Linux Kernel | >= 5.10, < 5.10.42 |
| Linux | Linux Kernel | >= 5.12, < 5.12.9 |
References
- http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing List, Third Party Advisory
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing List, Third Party Advisory
- https://www.fragattacks.comExploit, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing List, Third Party Advisory
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing List, Third Party Advisory
- https://www.fragattacks.comExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-24586?
How severe is CVE-2020-24586?
How do I fix CVE-2020-24586?
Are you affected by CVE-2020-24586?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST