Lucene search

K
freebsdFreeBSD8D20BD48-A4F3-11EC-90DE-1C697AA5A594
HistoryMar 15, 2022 - 12:00 a.m.

FreeBSD-kernel -- Multiple WiFi issues

2022-03-1500:00:00
vuxml.freebsd.org
51

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

65.0%

Problem Description:
The paper “Fragment and Forge: Breaking Wi-Fi Through Frame
Aggregation and Fragmentation” reported a number of security
vulnerabilities in the 802.11 specification related to frame
aggregation and fragmentation.
Additionally, FreeBSD 12.x missed length validation of SSIDs and
Information Elements (IEs).
Impact:
As reported on the FragAttacks website, the “design flaws are hard
to abuse because doing so requires user interaction or is only
possible when using uncommon network settings.” Under suitable
conditions an attacker may be able to extract sensitive data or inject
data.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd-kernel= 13.0UNKNOWN
FreeBSDanynoarchfreebsd-kernel< 13.0_8UNKNOWN

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

65.0%