CVE-2020-24586

moderate-risk

Published 2021-05-11

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Do I need to act?

1.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.5/10 Low

ADJACENT_NETWORK / LOW complexity

Affected Products (20)

Ieee 802.11

Debian Linux

Mac80211

C-250 Firmware

C-260 Firmware

C-230 Firmware

C-235 Firmware

C-200 Firmware

Ax210 Firmware

Ax201 Firmware

Ax200 Firmware

Ac 9560 Firmware

Ac 9462 Firmware

Ac 9461 Firmware

Ac 9260 Firmware

Ac 8265 Firmware

Ac 8260 Firmware

Ac 3168 Firmware

Ac 7265 Firmware

Ac 3165 Firmware

Affected Vendors

Debian Linux Intel Ieee Arista

References (18)

Mailing List http://www.openwall.com/lists/oss-security/2021/05/11/12

Third Party Advisory https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

Mailing List https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

Mailing List https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html

Third Party Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-w...

Third Party Advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12602-s...

Exploit https://www.fragattacks.com

Third Party Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473....