Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-24586


The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.


Published

2021-05-11T20:15:08.537

Last Modified

2024-11-21T05:15:03.803

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

5.5

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ieee ieee_802.11 * Yes
Operating System debian debian_linux 9.0 Yes
Application linux mac80211 - Yes
Operating System arista c-250_firmware < 10.0.1-31 Yes
Hardware arista c-250 - No
Operating System arista c-260_firmware < 10.0.1-31 Yes
Hardware arista c-260 - No
Operating System arista c-230_firmware < 10.0.1-31 Yes
Hardware arista c-230 - No
Operating System arista c-235_firmware < 10.0.1-31 Yes
Hardware arista c-235 - No
Operating System arista c-200_firmware < 11.0.0-36 Yes
Hardware arista c-200 - No
Operating System intel ax210_firmware < 22.30.0.11 Yes
Hardware intel ax210 - No
Operating System intel ax201_firmware < 22.30.0.11 Yes
Hardware intel ax201 - No
Operating System intel ax200_firmware < 22.30.0.11 Yes
Hardware intel ax200 - No
Operating System intel ac_9560_firmware < 22.30.0.11 Yes
Hardware intel ac_9560 - No
Operating System intel ac_9462_firmware < 22.30.0.11 Yes
Hardware intel ac_9462 - No
Operating System intel ac_9461_firmware < 22.30.0.11 Yes
Hardware intel ac_9461 - No
Operating System intel ac_9260_firmware < 22.30.0.11 Yes
Hardware intel ac_9260 - No
Operating System intel ac_8265_firmware < 20.70.21.2 Yes
Hardware intel ac_8265 - No
Operating System intel ac_8260_firmware < 20.70.21.2 Yes
Hardware intel ac_8260 - No
Operating System intel ac_3168_firmware < 19.51.33.1 Yes
Hardware intel ac_3168 - No
Operating System intel ac_7265_firmware < 19.51.33.1 Yes
Hardware intel ac_7265 - No
Operating System intel ac_3165_firmware < 19.51.33.1 Yes
Hardware intel ac_3165 - No
Operating System intel ax1675_firmware - Yes
Hardware intel ax1675 - No
Operating System intel ax1650_firmware - Yes
Hardware intel ax1650 - No
Operating System intel ac_1550_firmware - Yes
Hardware intel ac_1550 - No
Operating System linux linux_kernel < 4.4.271 Yes
Operating System linux linux_kernel < 4.9.271 Yes
Operating System linux linux_kernel < 4.14.235 Yes
Operating System linux linux_kernel < 4.19.193 Yes
Operating System linux linux_kernel < 5.4.124 Yes
Operating System linux linux_kernel < 5.10.42 Yes
Operating System linux linux_kernel < 5.12.9 Yes

References