Lucene search

K
cve[email protected]CVE-2020-24586
HistoryMay 11, 2021 - 8:15 p.m.

CVE-2020-24586

2021-05-1120:15:08
web.nvd.nist.gov
294
7
802.11 standard
wi-fi protected access
wpa
wpa2
wpa3
wired equivalent privacy
wep
data exfiltration
network packets
vulnerability
nvd
cve-2020-24586

3.5 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

2.9 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

46.8%

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn’t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Affected configurations

NVD
Node
ieeeieee_802.11
Node
debiandebian_linuxMatch9.0
Node
linuxmac80211Match-
Node
aristac-250Match-
AND
aristac-250_firmwareRange<10.0.1-31
Node
aristac-260Match-
AND
aristac-260_firmwareRange<10.0.1-31
Node
aristac-230Match-
AND
aristac-230_firmwareRange<10.0.1-31
Node
aristac-235Match-
AND
aristac-235_firmwareRange<10.0.1-31
Node
aristac-200Match-
AND
aristac-200_firmwareRange<11.0.0-36
Node
intelax210Match-
AND
intelax210_firmwareRange<22.30.0.11
Node
intelax201Match-
AND
intelax201_firmwareRange<22.30.0.11
Node
intelax200_firmwareRange<22.30.0.11
AND
intelax200Match-
Node
intelac_9560_firmwareRange<22.30.0.11
AND
intelac_9560Match-
Node
intelac_9462_firmwareRange<22.30.0.11
AND
intelac_9462Match-
Node
intelac_9461_firmwareRange<22.30.0.11
AND
intelac_9461Match-
Node
intelac_9260_firmwareRange<22.30.0.11
AND
intelac_9260Match-
Node
intelac_8265_firmwareRange<20.70.21.2
AND
intelac_8265Match-
Node
intelac_8260_firmwareRange<20.70.21.2
AND
intelac_8260Match-
Node
intelac_3168_firmwareRange<19.51.33.1
AND
intelac_3168Match-
Node
intelac_7265_firmwareRange<19.51.33.1
AND
intelac_7265Match-
Node
intelac_3165_firmwareRange<19.51.33.1
AND
intelac_3165Match-
Node
intelax1675_firmwareMatch-
AND
intelax1675Match-
Node
intelax1650_firmwareMatch-
AND
intelax1650Match-
Node
intelac_1550_firmwareMatch-
AND
intelac_1550Match-
Node
linuxlinux_kernelRange4.44.4.271
OR
linuxlinux_kernelRange4.94.9.271
OR
linuxlinux_kernelRange4.144.14.235
OR
linuxlinux_kernelRange4.194.19.193
OR
linuxlinux_kernelRange5.45.4.124
OR
linuxlinux_kernelRange5.105.10.42
OR
linuxlinux_kernelRange5.125.12.9
CPENameOperatorVersion
ieee:ieee_802.11ieee ieee 802.11eq*

Social References

More

3.5 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

2.9 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

46.8%