5 matches found
CVE-2020-24587
CVE-2020-24587 is referenced in the Amazon Linux 2 kernel advisory for Kernel-5.10-2022-002. The connected document confirms a flaw in the Linux kernel 802.11 wifi fragmentation handling where fragments encrypted under different keys can be reassembled and decrypted, enabling an attacker within w...
CVE-2020-24588
The CVE-2020-24588 entry relates to the 802.11 Wi‑Fi fragmentation/ A‑MSDU handling issue where the plaintext QoS header flag isn’t authenticated, enabling an attacker to inject packets by sending non‑SSP A‑MSDU frames (FragAttacks). Connected Astra Linux advisories describe this as a variant of ...
CVE-2020-26139
CVE-2020-26139 affects NetBSD 7.1 kernel as described in connected documents. An Access Point forwards EAPOL frames to other clients before the sender has successfully authenticated, which may enable denial-of-service attacks against connected clients in Wi‑Fi networks and could facilitate exploi...
CVE-2020-26140
The CVE-2020-26140 entry is covered in ARISTA Security Advisory 0063, which groups it under the FragAttacks fragmentation/aggregation vulnerabilities. The advisory states that plaintext data frames are accepted on encrypted networks, enabling packet injection. Fixes are provided as platform-speci...
CVE-2020-3143
The CVE-2020-3143 issue affects Cisco TelePresence CE/TC/RoomOS software via the xAPI in the video endpoint API, where insufficient input validation allows directory traversal to read/write arbitrary files. Exploitation requires an authenticated In‑Room Control or administrator account, with netw...