CVE-2020-24587

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

References

https://www.fragattacks.com

https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

http://www.openwall.com/lists/oss-security/2021/05/11/12

https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html

https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

Details

Source: MITRE

Published: 2021-05-11

Updated: 2021-10-28

Type: CWE-326

Risk Information

CVSS v2

Base Score: 1.8

Vector: AV:A/AC:H/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.2

Severity: LOW

CVSS v3

Base Score: 2.6

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 1.2

Severity: LOW

Tenable Plugins

View all (50 total)

IDNameProductFamilySeverity
155425Oracle Linux 8 : kernel (ELSA-2021-4356)NessusOracle Linux Local Security Checks
high
155219RHEL 8 : kernel (RHSA-2021:4356)NessusRed Hat Local Security Checks
high
155172RHEL 8 : kernel-rt (RHSA-2021:4140)NessusRed Hat Local Security Checks
high
155145CentOS 8 : kernel (CESA-2021:4356)NessusCentOS Local Security Checks
high
155142EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-2663)NessusHuawei Local Security Checks
high
155070CentOS 8 : kernel-rt (CESA-2021:4140)NessusCentOS Local Security Checks
high
154016OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0035)NessusOracleVM Local Security Checks
high
153703EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2530)NessusHuawei Local Security Checks
high
153582OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0031)NessusOracleVM Local Security Checks
critical
153557Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9459)NessusOracle Linux Local Security Checks
critical
153131Ubuntu 20.04 LTS : Linux kernel (KVM) vulnerabilities (USN-5000-2)NessusUbuntu Local Security Checks
high
153127Ubuntu 21.04 : Linux kernel (KVM) vulnerabilities (USN-4997-2)NessusUbuntu Local Security Checks
medium
152389Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9406)NessusOracle Linux Local Security Checks
high
152382Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9404)NessusOracle Linux Local Security Checks
high
152055SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2451-1)NessusSuSE Local Security Checks
high
151986SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2421-1)NessusSuSE Local Security Checks
high
151920Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-5018-1)NessusUbuntu Local Security Checks
high
151897Slackware 14.2 : Slackware 14.2 kernel (SSA:2021-202-01)NessusSlackware Local Security Checks
high
151878SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2406-1)NessusSuSE Local Security Checks
high
151756openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1977-1)NessusSuSE Local Security Checks
critical
151730openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1975-1)NessusSuSE Local Security Checks
critical
151618SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14764-1)NessusSuSE Local Security Checks
high
151280openSUSE 15 Security Update : kernel (openSUSE-SU-2021:0947-1)NessusSuSE Local Security Checks
high
151205SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2208-1)NessusSuSE Local Security Checks
high
150985Debian DLA-2689-1 : linux security updateNessusDebian Local Security Checks
high
150984Debian DLA-2690-1 : linux-4.19 security updateNessusDebian Local Security Checks
high
150957Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5000-1)NessusUbuntu Local Security Checks
high
150955Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5001-1)NessusUbuntu Local Security Checks
medium
150954Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4999-1)NessusUbuntu Local Security Checks
high
150953Ubuntu 21.04 : Linux kernel vulnerabilities (USN-4997-1)NessusUbuntu Local Security Checks
medium
150927SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1975-1)NessusSuSE Local Security Checks
critical
150901SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1977-1)NessusSuSE Local Security Checks
critical
150696SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1888-1)NessusSuSE Local Security Checks
high
150687SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1899-1)NessusSuSE Local Security Checks
high
150472SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:1913-1)NessusSuSE Local Security Checks
high
150470SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1912-1)NessusSuSE Local Security Checks
high
150413SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1887-1)NessusSuSE Local Security Checks
high
150407SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1890-1)NessusSuSE Local Security Checks
high
150401SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1889-1)NessusSuSE Local Security Checks
high
150396SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1891-1)NessusSuSE Local Security Checks
high
150315openSUSE Security Update : the Linux Kernel (openSUSE-2021-843)NessusSuSE Local Security Checks
high
149440KB5003208: Windows Server 2012 Security Update (May 2021)NessusWindows : Microsoft Bulletins
high
149398KB5003173: Windows 10 version 2004 / Windows 10 version 20H2 Security Update (May 2021)NessusWindows : Microsoft Bulletins
critical
149396KB5003172: Windows 10 version 1507 LTS Security Update (May 2021)NessusWindows : Microsoft Bulletins
high
149392KB5003233: Windows Server 2008 R2 Security Update (May 2021)NessusWindows : Microsoft Bulletins
high
149391KB5003174: Windows 10 version 1803 Security Update (May 2021)NessusWindows : Microsoft Bulletins
high
149390KB5003197: Windows 10 1607 / Windows Server 2016 Security Update (May 2021)NessusWindows : Microsoft Bulletins
high
149389KB5003210: Windows Server 2008 Security Update (May 2021)NessusWindows : Microsoft Bulletins
high
149383KB5003169: Windows 10 version 1909 Security Update (May 2021)NessusWindows : Microsoft Bulletins
high
149382KB5003171: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2021)NessusWindows : Microsoft Bulletins
high