CVSS3: 2.6 Low
Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS2: 1.8 Low
Access Vector: ADJACENT_NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:A/AC:H/Au:N/C:P/I:N/A:N

EPSS: 0.001 Low
Percentile: 39.5%
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn’t require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
Recent assessments:
2020Cyberworld at May 18, 2021 10:52pm UTC reported:
Attackers are able to sniff traffic from the incoming LAN connection while using a MITM attack or a man in the browser attack. It seems more like a man in the lower attack because it will be as if two users are sending cmds to the same device at the same time. Over time what will happen is the attacker will lock down the access point, harden it, then set your browser and internet access to a guest connection. You are able to log in to your router but not actually make changes… For example, I could log on to the router at 192.168.1.1, configure it, then connect remotely to it and it would connect to the same port, only the IP would be 162.244.6.18. The router in use doesn’t have Wi-Fi but has an AP controller. Anyone else come across this? Please, I'm all ears. Thanks!
Assessed Attacker Value: 0
www.openwall.com/lists/oss-security/2021/05/11/12
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587
github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
lists.debian.org/debian-lts-announce/2021/06/msg00019.html
lists.debian.org/debian-lts-announce/2021/06/msg00020.html
lists.debian.org/debian-lts-announce/2023/04/msg00002.html
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
www.fragattacks.com
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html