The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn’t require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

References

www.openwall.com/lists/oss-security/2021/05/11/12

cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf

github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

lists.debian.org/debian-lts-announce/2021/06/msg00019.html

lists.debian.org/debian-lts-announce/2021/06/msg00020.html

lists.debian.org/debian-lts-announce/2023/04/msg00002.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu

www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

www.fragattacks.com

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html

nvd 1

cve 1

veracode 1

ubuntucve 1

mscve 1

debiancve 1

redhatcve 1

prion 1

nessus 68

hp 2

openvas 49

freebsd_advisory 1

lenovo 2

freebsd 1

intel 1

ics 3

mageia 2

oraclelinux 6

mskb 14

osv 10

checkpoint_security 1

debian 3

threatpost 1

suse 5

malwarebytes 1

hackerone 1

kaspersky 2

thn 1

cisco 1

arista 1

cloudfoundry 1

ubuntu 6

slackware 1

almalinux 1

redhat 4

rapid7blog 1

qualysblog 1

nvd

CVE-2020-24588

2021-05-11 20:15:08

cve

CVE-2020-24588

2021-05-11 20:15:08

veracode

Packet Injection

2021-11-17 22:37:10

ubuntucve

CVE-2020-24588

2021-05-11 00:00:00

mscve

Windows Wireless Networking Spoofing Vulnerability

2021-05-11 07:00:00

debiancve

CVE-2020-24588

2021-05-11 20:15:08

redhatcve

CVE-2020-24588

2021-05-13 05:56:34

prion

Design/Logic Flaw

2021-05-11 20:15:00

nessus

Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-24588)

2024-03-18 00:00:00

Siemens SCALANCE FragAttacks (CVE-2020-24588)

2023-04-11 00:00:00

FreeBSD : FreeBSD-kernel -- Multiple WiFi issues (8d20bd48-a4f3-11ec-90de-1c697aa5a594)

2022-03-16 00:00:00

PC Wireless Wi-Fi Adapter Driver Security Updates August 2021

2021-08-27 00:00:00

Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi May 2021 Security Updates

2021-05-14 00:00:00

openvas

AVM FRITZ!Box Multiple Wi-Fi Vulnerabilities (FragAttacks)

2021-05-14 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0394-1)

2023-02-14 00:00:00

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:0394-1)

2024-03-04 00:00:00

freebsd_advisory

FreeBSD-SA-22:02.wifi

2022-03-15 00:00:00

lenovo

Intel® PROSet and Wireless WiFi, Intel vPro® CSME WiFi, and Intel® Killer™ WiFi Advisory - Lenovo Support NL

2021-05-11 20:39:26

Aggregation and Fragmentation Attacks against Wi-Fi (FragAttacks) Vulnerabilities - Lenovo Support NL

2021-06-07 20:37:01

freebsd

FreeBSD-kernel -- Multiple WiFi issues

2022-03-15 00:00:00

intel

Intel® PROSet/Wireless WiFi , Intel vPro® CSME WiFi and Killer™ WiFi Advisory Advisory

2021-05-11 00:00:00

ics

Mitsubishi Electric GT25-WLAN (Update A)

2022-05-12 12:00:00

Siemens SCALANCE FragAttacks

2022-04-14 12:00:00

Hitachi ABB Power Grids TropOS

2021-08-24 12:00:00

mageia

Updated kernel packages fix security vulnerabilities

2021-06-14 00:32:39

Updated kernel-linus packages fix security vulnerabilities

2021-06-14 00:32:39

oraclelinux

Unbreakable Enterprise kernel-container security update

2021-08-10 00:00:00

Unbreakable Enterprise kernel security update

2021-08-10 00:00:00

Unbreakable Enterprise kernel security update

2021-09-21 00:00:00

mskb

May 11, 2021—KB5003225 (Security-only update)

2021-05-11 07:00:00

May 11, 2021—KB5003210 (Monthly Rollup)

2021-05-11 07:00:00

May 11, 2021—KB5003203 (Security-only update)

2021-05-11 07:00:00

osv

firmware-nonfree - security update

2023-04-01 00:00:00

linux-kvm vulnerabilities

2021-06-25 19:56:40

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

2021-06-23 03:36:14

checkpoint_security

Check Point Response to Wi-Fi FragAttacks in Quantum Spark appliances

2021-06-09 23:24:30

debian

[SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)

2023-04-01 20:16:41

[SECURITY] [DLA 2690-1] linux-4.19 security update

2021-06-23 00:05:06

[SECURITY] [DLA 2689-1] linux security update

2021-06-23 00:11:57

threatpost

‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices

2021-05-12 15:48:05

suse

Security update for the Linux Kernel (important)

2021-07-01 00:00:00

Security update for the Linux Kernel (important)

2021-06-06 00:00:00

Security update for the Linux Kernel (important)

2021-07-21 00:00:00

malwarebytes

FragAttack: New Wi-Fi vulnerabilities that affect… basically everything

2021-05-12 17:31:21

hackerone

Internet Bug Bounty: Fragmentation and Aggregation Flaws in Wi-Fi

2021-06-19 21:24:25

kaspersky

KLA12167 Multiple vulnerabilities in Microsoft Products (ESU)

2021-05-11 00:00:00

KLA12174 Multiple vulnerabilities in Microsoft Windows

2021-05-11 00:00:00

thn

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks

2021-05-12 13:07:00

cisco

Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021

2021-05-11 18:00:00

arista

Security Advisory 0063

2021-05-12 00:00:00

cloudfoundry

USN-5000-1: Linux kernel vulnerabilities | Cloud Foundry

2021-07-08 00:00:00

ubuntu

Linux kernel (OEM) vulnerabilities

2021-06-23 00:00:00

Linux kernel vulnerabilities

2021-06-23 00:00:00

Linux kernel (KVM) vulnerabilities

2021-06-25 00:00:00

slackware

[slackware-security] Slackware 14.2 kernel

2021-07-21 05:44:30

almalinux

Moderate: kernel security, bug fix, and enhancement update

2021-11-09 09:08:02

redhat

(RHSA-2021:4140) Moderate: kernel-rt security and bug fix update

2021-11-09 08:21:02

(RHSA-2021:4356) Moderate: kernel security, bug fix, and enhancement update

2021-11-09 09:08:02

(RHSA-2021:4627) Moderate: Openshift Logging 5.3.0 bug fix and security update

2021-11-15 12:52:28

rapid7blog

Patch Tuesday - May 2021

2021-05-11 23:44:00

qualysblog

Microsoft & Adobe Patch Tuesday (May 2021) – Qualys covers 85 Vulnerabilities, 26 Critical

2021-05-11 21:53:37

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

70.7%

JSON

Related for CVELIST:CVE-2020-24588