10 matches found
CVE-2020-24587
CVE-2020-24587 is referenced in the Amazon Linux 2 kernel advisory for Kernel-5.10-2022-002. The connected document confirms a flaw in the Linux kernel 802.11 wifi fragmentation handling where fragments encrypted under different keys can be reassembled and decrypted, enabling an attacker within w...
CVE-2020-24588
The CVE-2020-24588 entry relates to the 802.11 Wi‑Fi fragmentation/ A‑MSDU handling issue where the plaintext QoS header flag isn’t authenticated, enabling an attacker to inject packets by sending non‑SSP A‑MSDU frames (FragAttacks). Connected Astra Linux advisories describe this as a variant of ...
CVE-2020-26141
CVE-2020-26141 affects the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi‑Fi stack does not verify the Message Integrity Check for fragmented TKIP frames, allowing an adjacent attacker to inject and potentially decrypt packets in WPA/WPA2 TKIP networks. The provided connected documents d...
CVE-2020-26139
CVE-2020-26139 affects NetBSD 7.1 kernel as described in connected documents. An Access Point forwards EAPOL frames to other clients before the sender has successfully authenticated, which may enable denial-of-service attacks against connected clients in Wi‑Fi networks and could facilitate exploi...
CVE-2020-26140
The CVE-2020-26140 entry is covered in ARISTA Security Advisory 0063, which groups it under the FragAttacks fragmentation/aggregation vulnerabilities. The advisory states that plaintext data frames are accepted on encrypted networks, enabling packet injection. Fixes are provided as platform-speci...
CVE-2023-20078
Cisco IP Phones (6800, 7800, 7900, 8800 series) web-based management interface contains multiple vulnerabilities due to insufficient input validation that can allow an unauthenticated attacker to execute arbitrary code (CVE-2023-20078) or cause a DoS (CVE-2023-20079). Cisco cites a command-inject...
CVE-2023-20079
CVE-2023-20079 affects Cisco IP Phones (6800/7800/7900/8800 series) via the web-based management interface. The root cause is insufficient validation of user-supplied input in the web UI, enabling an unauthenticated, remote attacker to trigger a denial-of-service condition (DoS). Public details i...
CVE-2019-16008
Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware expose a cross-site scripting (XSS) vulnerability in the web‑based GUI due to insufficient input validation. An authenticated, remote attacker could entice a user to click a crafted link, allowing arbitrary script execution or acces...
CVE-2020-3111
CVE-2020-3111 is a Cisco CDP vulnerability in Cisco IP Phones that allows an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload (DoS) by sending crafted CDP packets. Root cause: missing checks when processing CDP messages in the Layer 2 CDP implemen...
CVE-2022-20774
CVE-2022-20774 affects Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware. The issue is an insufficient CSRF protection in the web-based management interface, enabling an unauthenticated attacker to induce a logged-in user to perform actions via a crafted link. Successful expl...