CVE-2020-26145

EPSS 4.06%
Veröffentlicht 11.05.2021 20:15:08
Zuletzt bearbeitet 21.11.2024 05:19:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samsung ≫ Galaxy I9305 Firmware Version4.4.4

Samsung ≫ Galaxy I9305 Version-

Siemens ≫ 6gk5763-1al00-7da0 Firmware Version < 1.2

Siemens ≫ 6gk5763-1al00-7da0 Version-

Siemens ≫ 6gk5766-1ge00-7da0 Firmware Version < 1.2

Siemens ≫ 6gk5766-1ge00-7da0 Version-

Siemens ≫ 6gk5766-1ge00-7db0 Firmware Version < 1.2

Siemens ≫ 6gk5766-1ge00-7db0 Version-

Siemens ≫ 6gk5766-1je00-7da0 Firmware Version < 1.2

Siemens ≫ 6gk5766-1je00-7da0 Version-

Siemens ≫ 6gk5766-1ge00-7ta0 Firmware Version < 1.2

Siemens ≫ 6gk5766-1ge00-7ta0 Version-

Siemens ≫ 6gk5766-1ge00-7tb0 Firmware Version < 1.2

Siemens ≫ 6gk5766-1ge00-7tb0 Version-

Siemens ≫ 6gk5766-1je00-7ta0 Firmware Version < 1.2

Siemens ≫ 6gk5766-1je00-7ta0 Version-

Siemens ≫ 6gk5763-1al00-3aa0 Firmware Version < 1.2

Siemens ≫ 6gk5763-1al00-3aa0 Version-

Siemens ≫ 6gk5763-1al00-3da0 Firmware Version < 1.2

Siemens ≫ 6gk5763-1al00-3da0 Version-

Siemens ≫ 6gk5766-1ge00-3da0 Firmware Version < 1.2

Siemens ≫ 6gk5766-1ge00-3da0 Version-

Siemens ≫ 6gk5766-1ge00-3db0 Firmware Version < 1.2

Siemens ≫ 6gk5766-1ge00-3db0 Version-

Siemens ≫ 6gk5766-1je00-3da0 Firmware Version < 1.2

Siemens ≫ 6gk5766-1je00-3da0 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.06%	0.88

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2021/05/11/12

Third Party Advisory

Mailing List

https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

Third Party Advisory

https://www.fragattacks.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-26145

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-26145

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-26145

EUVD