Vulnerability CVE-2020-24588


Published: 2021-05-11

Description:
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

Type:

CWE-306

(Missing Authentication for Critical Function)

CVSS2 => (AV:A/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
2.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Linux -> Mac80211 
IEEE -> Ieee 802.11 

 References:
https://www.fragattacks.com
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
http://www.openwall.com/lists/oss-security/2021/05/11/12

Copyright 2024, cxsecurity.com

 

Back to Top