CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
46.5%
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.
Vendor | Product | Version | CPE |
---|---|---|---|
samsung | galaxy_i9305_firmware | 4.4.4 | cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:* |
samsung | galaxy_i9305 | - | cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:* |
arista | c-250_firmware | * | cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:* |
arista | c-250 | - | cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:* |
arista | c-260_firmware | * | cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:* |
arista | c-260 | - | cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:* |
arista | c-230_firmware | * | cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:* |
arista | c-230 | - | cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:* |
arista | c-235_firmware | * | cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:* |
arista | c-235 | - | cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:* |
www.openwall.com/lists/oss-security/2021/05/11/12
cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
www.fragattacks.com
More
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
46.5%