CVE-2020-24588

low

Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SPP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

References

https://www.fragattacks.com

https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

http://www.openwall.com/lists/oss-security/2021/05/11/12

https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html

https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

Details

Source: MITRE

Published: 2021-05-11

Updated: 2021-10-28

Type: CWE-306

Risk Information

CVSS v2

Base Score: 2.9

Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 5.5

Severity: LOW

CVSS v3

Base Score: 3.5

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 2.1

Severity: LOW

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 155425 | Oracle Linux 8 : kernel (ELSA-2021-4356) | Nessus | Oracle Linux Local Security Checks | high |
| 155219 | RHEL 8 : kernel (RHSA-2021:4356) | Nessus | Red Hat Local Security Checks | high |
| 155172 | RHEL 8 : kernel-rt (RHSA-2021:4140) | Nessus | Red Hat Local Security Checks | high |
| 155145 | CentOS 8 : kernel (CESA-2021:4356) | Nessus | CentOS Local Security Checks | high |
| 155142 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-2663) | Nessus | Huawei Local Security Checks | high |
| 155070 | CentOS 8 : kernel-rt (CESA-2021:4140) | Nessus | CentOS Local Security Checks | high |
| 154016 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0035) | Nessus | OracleVM Local Security Checks | high |
| 153703 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2530) | Nessus | Huawei Local Security Checks | high |
| 153582 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0031) | Nessus | OracleVM Local Security Checks | critical |
| 153557 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9459) | Nessus | Oracle Linux Local Security Checks | critical |
| 153131 | Ubuntu 20.04 LTS : Linux kernel (KVM) vulnerabilities (USN-5000-2) | Nessus | Ubuntu Local Security Checks | high |
| 153127 | Ubuntu 21.04 : Linux kernel (KVM) vulnerabilities (USN-4997-2) | Nessus | Ubuntu Local Security Checks | medium |
| 152389 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9406) | Nessus | Oracle Linux Local Security Checks | high |
| 152382 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9404) | Nessus | Oracle Linux Local Security Checks | high |
| 152055 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2451-1) | Nessus | SuSE Local Security Checks | high |
| 151998 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2422-1) | Nessus | SuSE Local Security Checks | high |
| 151989 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2427-1) | Nessus | SuSE Local Security Checks | high |
| 151986 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2421-1) | Nessus | SuSE Local Security Checks | high |
| 151935 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:2427-1) | Nessus | SuSE Local Security Checks | high |
| 151897 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2021-202-01) | Nessus | Slackware Local Security Checks | high |
| 151878 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2406-1) | Nessus | SuSE Local Security Checks | high |
| 151756 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1977-1) | Nessus | SuSE Local Security Checks | critical |
| 151730 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1975-1) | Nessus | SuSE Local Security Checks | critical |
| 151658 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2349-1) | Nessus | SuSE Local Security Checks | high |
| 151653 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:2324-1) | Nessus | SuSE Local Security Checks | high |
| 151649 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2321-1) | Nessus | SuSE Local Security Checks | high |
| 151618 | SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14764-1) | Nessus | SuSE Local Security Checks | high |
| 151280 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:0947-1) | Nessus | SuSE Local Security Checks | high |
| 151205 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2208-1) | Nessus | SuSE Local Security Checks | high |
| 150985 | Debian DLA-2689-1 : linux security update | Nessus | Debian Local Security Checks | high |
| 150984 | Debian DLA-2690-1 : linux-4.19 security update | Nessus | Debian Local Security Checks | high |
| 150957 | Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5000-1) | Nessus | Ubuntu Local Security Checks | high |
| 150955 | Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5001-1) | Nessus | Ubuntu Local Security Checks | medium |
| 150954 | Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4999-1) | Nessus | Ubuntu Local Security Checks | high |
| 150953 | Ubuntu 21.04 : Linux kernel vulnerabilities (USN-4997-1) | Nessus | Ubuntu Local Security Checks | medium |
| 150927 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1975-1) | Nessus | SuSE Local Security Checks | critical |
| 150901 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1977-1) | Nessus | SuSE Local Security Checks | critical |
| 150696 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1888-1) | Nessus | SuSE Local Security Checks | high |
| 150407 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1890-1) | Nessus | SuSE Local Security Checks | high |
| 150401 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1889-1) | Nessus | SuSE Local Security Checks | high |
| 150315 | openSUSE Security Update : the Linux Kernel (openSUSE-2021-843) | Nessus | SuSE Local Security Checks | high |
| 149440 | KB5003208: Windows Server 2012 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149398 | KB5003173: Windows 10 version 2004 / Windows 10 version 20H2 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | critical |
| 149396 | KB5003172: Windows 10 version 1507 LTS Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149392 | KB5003233: Windows Server 2008 R2 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149391 | KB5003174: Windows 10 version 1803 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149390 | KB5003197: Windows 10 1607 / Windows Server 2016 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149389 | KB5003210: Windows Server 2008 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149383 | KB5003169: Windows 10 version 1909 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149382 | KB5003171: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |