2.6 Low
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1.8 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:H/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
40.0%
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and
WPA3) and Wired Equivalent Privacy (WEP) doesn’t require that all fragments
of a frame are encrypted under the same key. An adversary can abuse this to
decrypt selected fragments when another device sends fragmented frames and
the WEP, CCMP, or GCMP encryption key is periodically renewed.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux-oracle-5.8 | < 5.8.0-1033.34~20.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-riscv-5.8 | < 5.8.0-29.31~20.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.8 | < 5.8.0-1038.40~20.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.8 | < 5.8.0-1036.38~20.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gcp-5.8 | < 5.8.0-1035.37~20.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-bluefield | < 5.4.0-1013.16 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gkeop-5.15 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-fde | < 5.4.0-1051.53 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-fde | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1109.116 | UNKNOWN |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587
launchpad.net/bugs/cve/CVE-2020-24587
nvd.nist.gov/vuln/detail/CVE-2020-24587
papers.mathyvanhoef.com/usenix2021.pdf
security-tracker.debian.org/tracker/CVE-2020-24587
ubuntu.com/security/notices/USN-4997-1
ubuntu.com/security/notices/USN-4997-2
ubuntu.com/security/notices/USN-4999-1
ubuntu.com/security/notices/USN-5000-1
ubuntu.com/security/notices/USN-5000-2
ubuntu.com/security/notices/USN-5001-1
ubuntu.com/security/notices/USN-5018-1
2.6 Low
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1.8 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:H/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
40.0%