CVE-2020-24588
⚪ Do wiadomości
Wstrzyknięcie pakietów w urządzeniach Wi-Fi umożliwia atakującemu manipulację ruchem sieciowym.
CVSS
3.5
EPSS
0.3%
Exploit
poc
Vendor
cisco
Opis źródłowy (NVD)
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 3.5 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.3% |
| Opublikowano (NVD) | 2021-05-11 20:15:08 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-14 09:16:20 UTC |
Referencje
- http://www.openwall.com/lists/oss-security/2021/05/11/12 (cve@mitre.org) [Mailing List, Third Party Advisory]
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf (cve@mitre.org) [Third Party Advisory]
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md (cve@mitre.org) [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html (cve@mitre.org) [Mailing List, Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html (cve@mitre.org) [Mailing List, Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html (cve@mitre.org)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (cve@mitre.org) [Third Party Advisory]
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 (cve@mitre.org) [Third Party Advisory]
- https://www.fragattacks.com (cve@mitre.org) [Exploit, Third Party Advisory]
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html (cve@mitre.org) [Third Party Advisory]
- https://cert-portal.siemens.com/productcert/html/ssa-019200.html (0b142b55-0307-4c5a-b3c9-f314f3fb7c5e)
- https://cert-portal.siemens.com/productcert/html/ssa-913875.html (0b142b55-0307-4c5a-b3c9-f314f3fb7c5e)