3.5

CVE-2020-24586

Exploit
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version9.0
LinuxMac80211 Version-
AristaC-250 Firmware Version < 10.0.1-31
   AristaC-250 Version-
AristaC-260 Firmware Version < 10.0.1-31
   AristaC-260 Version-
AristaC-230 Firmware Version < 10.0.1-31
   AristaC-230 Version-
AristaC-235 Firmware Version < 10.0.1-31
   AristaC-235 Version-
AristaC-200 Firmware Version < 11.0.0-36
   AristaC-200 Version-
IntelAx210 Firmware Version < 22.30.0.11
   IntelAx210 Version-
IntelAx201 Firmware Version < 22.30.0.11
   IntelAx201 Version-
IntelAx200 Firmware Version < 22.30.0.11
   IntelAx200 Version-
IntelAc 9560 Firmware Version < 22.30.0.11
   IntelAc 9560 Version-
IntelAc 9462 Firmware Version < 22.30.0.11
   IntelAc 9462 Version-
IntelAc 9461 Firmware Version < 22.30.0.11
   IntelAc 9461 Version-
IntelAc 9260 Firmware Version < 22.30.0.11
   IntelAc 9260 Version-
IntelAc 8265 Firmware Version < 20.70.21.2
   IntelAc 8265 Version-
IntelAc 8260 Firmware Version < 20.70.21.2
   IntelAc 8260 Version-
IntelAc 3168 Firmware Version < 19.51.33.1
   IntelAc 3168 Version-
IntelAc 7265 Firmware Version < 19.51.33.1
   IntelAc 7265 Version-
IntelAc 3165 Firmware Version < 19.51.33.1
   IntelAc 3165 Version-
IntelAx1675 Firmware Version-
   IntelAx1675 Version-
IntelAx1650 Firmware Version-
   IntelAx1650 Version-
IntelAc 1550 Firmware Version-
   IntelAc 1550 Version-
LinuxLinux Kernel Version >= 4.4 < 4.4.271
LinuxLinux Kernel Version >= 4.9 < 4.9.271
LinuxLinux Kernel Version >= 4.14 < 4.14.235
LinuxLinux Kernel Version >= 4.19 < 4.19.193
LinuxLinux Kernel Version >= 5.4 < 5.4.124
LinuxLinux Kernel Version >= 5.10 < 5.10.42
LinuxLinux Kernel Version >= 5.12 < 5.12.9
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.77% 0.921
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 2.1 1.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov 2.9 5.5 2.9
AV:A/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
http://www.openwall.com/lists/oss-security/2021/05/11/12
Third Party Advisory
Mailing List
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
Third Party Advisory
https://www.fragattacks.com
Third Party Advisory
Exploit
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
Third Party Advisory