CVE-2020-26141

MEDIUM | CVSS 6.5/10 | EPSS 3.07%

CVE-2020-26141 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. EPSS estimates a 3.07% chance of exploitation in the next 30 days.

Description

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
3.07%

86.0th percentile

Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions |
| --- | --- | --- |
| Alfa | Awus036h Firmware | 6.1316.1209 |
| Cisco | Meraki Gr10 Firmware | < 27.7.1 |
| Cisco | Meraki Gr60 Firmware | < 27.7.1 |
| Cisco | Meraki Mr20 Firmware | < 27.7.1 |
| Cisco | Meraki Mr30h Firmware | < 27.7.1 |
| Cisco | Meraki Mr33 Firmware | < 27.7.1 |
| Cisco | Meraki Mr36 Firmware | < 27.7.1 |
| Cisco | Meraki Mr42 Firmware | < 27.7.1 |
| Cisco | Meraki Mr42e Firmware | < 27.7.1 |
| Cisco | Meraki Mr44 Firmware | < 27.7.1 |
| Cisco | Meraki Mr45 Firmware | < 27.7.1 |
| Cisco | Meraki Mr46 Firmware | < 27.7.1 |
| Cisco | Meraki Mr46e Firmware | < 27.7.1 |
| Cisco | Meraki Mr52 Firmware | < 27.7.1 |
| Cisco | Meraki Mr53 Firmware | < 27.7.1 |
| Cisco | Meraki Mr53e Firmware | < 27.7.1 |
| Cisco | Meraki Mr55 Firmware | < 27.7.1 |
| Cisco | Meraki Mr56 Firmware | < 27.7.1 |
| Cisco | Meraki Mr70 Firmware | < 27.7.1 |
| Cisco | Meraki Mr74 Firmware | < 27.7.1 |
| Cisco | Meraki Mr76 Firmware | < 27.7.1 |
| Cisco | Meraki Mr84 Firmware | < 27.7.1 |
| Cisco | Meraki Mr86 Firmware | < 27.7.1 |
| Cisco | Meraki Mr12 Firmware | < 26.8.3 |
| Cisco | Meraki Mr18 Firmware | < 26.8.3 |
| Cisco | Meraki Mr26 Firmware | < 26.8.3 |
| Cisco | Meraki Mr32 Firmware | < 26.8.3 |
| Cisco | Meraki Mr34 Firmware | < 26.8.3 |
| Cisco | Meraki Mr62 Firmware | < 26.8.3 |
| Cisco | Meraki Mr66 Firmware | < 26.8.3 |
| Cisco | Meraki Mr72 Firmware | < 26.8.3 |
| Cisco | Meraki Mx64w Firmware | < 17.0 |
| Cisco | Meraki Mx65w Firmware | < 17.0 |
| Cisco | Meraki Mx67w Firmware | < 17.0 |
| Cisco | Meraki Mx67cw Firmware | < 17.0 |
| Cisco | Meraki Mx68w Firmware | < 17.0 |
| Cisco | Meraki Mx68cw Firmware | < 17.0 |
| Cisco | Meraki Z3 Firmware | < 17.0 |
| Cisco | Meraki Z3c Firmware | < 17.0 |
| Cisco | Wireless Ip Phone 8821 Firmware | < 11.0(6)sr2 |
| Cisco | Ip Phone 6861 Firmware | < 11.3(5) |
| Cisco | Ip Phone 8861 Firmware | < 11.3(5) |
| Cisco | Ip Phone 8861 Firmware | < 14.1(1) |
| Cisco | Ip Phone 8865 Firmware | < 14.1(1) |
| Cisco | Ip Conference Phone 8832 Firmware | < 14.1(1) |
| Cisco | Webex Room Series Firmware | < 1.2(0)sr1 |
| Cisco | Webex Desk Series Firmware | < 1.2(0)sr1 |
| Cisco | Webex Board Series Firmware | < 10.8.2.5 |
| Cisco | Webex Wireless Phone 860 Firmware | < 1.4(0) |
| Cisco | Webex Wireless Phone 840 Firmware | < 1.4(0) |

Showing 50 of 96 affected configurations. See NVD for the full list.

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2020-26141?
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
How severe is CVE-2020-26141?
CVE-2020-26141 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 3.07% probability of exploitation in the next 30 days.
How do I fix CVE-2020-26141?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST