Cause
Several CVEs were published on Wi-Fi devices under the name FragAttacks. More information about them can be found at: <https://www.fragattacks.com/>
The list of new CVEs related to wireless security flaws with fragmented and aggregated frames, is relevant to Check Point Quantum Spark wireless products. All of the vulnerabilities are in the wireless medium and therefore require physical proximity to the appliance and can not be exploited just from any network.
These are the relevant CVEs:
CVE-2020-24586 – Not clearing fragments from memory when (re)connecting to a network
CVE-2020-26144 – Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network)
CVE-2020-26145 – Accepting plaintext broadcast fragments as full frames (in an encrypted network)
CVE-2020-26146 – Reassembling encrypted fragments with non-consecutive packet numbers
CVE-2020-26147 – Reassembling mixed encrypted/plaintext fragments
CVE-2020-24587 – Reassembling fragments encrypted under different keys
CVE-2020-24588 – Accepting non-SPP A-MSDU frames
CVE-2020-26139 – Forwarding EAPOL frames even though the sender is not yet authenticated
CVE-2020-26140 – Accepting plaintext data frames in a protected network
CVE-2020-26141 – Not verifying the TKIP MIC of fragmented frames
CVE-2020-26143 – Accepting fragmented plaintext data frames in a protected network
Solution
This problem was fixed. The fix is included in:
Check Point recommends to always upgrade to the most recent version (700 / 1400 / 1500).