CVE-2020-24588

low

Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

References

https://www.fragattacks.com

https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

http://www.openwall.com/lists/oss-security/2021/05/11/12

https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf

Details

Source: MITRE

Published: 2021-05-11

Updated: 2021-08-09

Type: CWE-306

Risk Information

CVSS v2

Base Score: 2.9

Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 5.5

Severity: LOW

CVSS v3

Base Score: 3.5

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 2.1

Severity: LOW

Tenable Plugins

40 total

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153131 | Ubuntu 20.04 LTS : Linux kernel (KVM) vulnerabilities (USN-5000-2) | Nessus | Ubuntu Local Security Checks | high |
| 153127 | Ubuntu 21.04 : Linux kernel (KVM) vulnerabilities (USN-4997-2) | Nessus | Ubuntu Local Security Checks | medium |
| 152389 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9406) | Nessus | Oracle Linux Local Security Checks | high |
| 152382 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9404) | Nessus | Oracle Linux Local Security Checks | high |
| 152055 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2451-1) | Nessus | SuSE Local Security Checks | high |
| 151998 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2422-1) | Nessus | SuSE Local Security Checks | high |
| 151989 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2427-1) | Nessus | SuSE Local Security Checks | high |
| 151986 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2421-1) | Nessus | SuSE Local Security Checks | high |
| 151935 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:2427-1) | Nessus | SuSE Local Security Checks | high |
| 151897 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2021-202-01) | Nessus | Slackware Local Security Checks | high |
| 151878 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2406-1) | Nessus | SuSE Local Security Checks | high |
| 151756 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1977-1) | Nessus | SuSE Local Security Checks | critical |
| 151730 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1975-1) | Nessus | SuSE Local Security Checks | critical |
| 151658 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2349-1) | Nessus | SuSE Local Security Checks | high |
| 151653 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:2324-1) | Nessus | SuSE Local Security Checks | high |
| 151649 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2321-1) | Nessus | SuSE Local Security Checks | high |
| 151618 | SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14764-1) | Nessus | SuSE Local Security Checks | high |
| 151280 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:0947-1) | Nessus | SuSE Local Security Checks | high |
| 151205 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2208-1) | Nessus | SuSE Local Security Checks | high |
| 150985 | Debian DLA-2689-1 : linux security update | Nessus | Debian Local Security Checks | high |
| 150984 | Debian DLA-2690-1 : linux-4.19 security update | Nessus | Debian Local Security Checks | high |
| 150957 | Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5000-1) | Nessus | Ubuntu Local Security Checks | high |
| 150955 | Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5001-1) | Nessus | Ubuntu Local Security Checks | medium |
| 150954 | Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4999-1) | Nessus | Ubuntu Local Security Checks | high |
| 150953 | Ubuntu 21.04 : Linux kernel vulnerabilities (USN-4997-1) | Nessus | Ubuntu Local Security Checks | medium |
| 150927 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1975-1) | Nessus | SuSE Local Security Checks | critical |
| 150901 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1977-1) | Nessus | SuSE Local Security Checks | critical |
| 150696 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1888-1) | Nessus | SuSE Local Security Checks | high |
| 150407 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1890-1) | Nessus | SuSE Local Security Checks | high |
| 150401 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1889-1) | Nessus | SuSE Local Security Checks | high |
| 150315 | openSUSE Security Update : the Linux Kernel (openSUSE-2021-843) | Nessus | SuSE Local Security Checks | high |
| 149440 | KB5003208: Windows Server 2012 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149398 | KB5003173: Windows 10 version 2004 / Windows 10 version 20H2 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | critical |
| 149396 | KB5003172: Windows 10 version 1507 LTS Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149392 | KB5003233: Windows Server 2008 R2 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149391 | KB5003174: Windows 10 version 1803 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149390 | KB5003197: Windows 10 1607 / Windows Server 2016 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149389 | KB5003210: Windows Server 2008 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149383 | KB5003169: Windows 10 version 1909 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 149382 | KB5003171: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2021) | Nessus | Windows : Microsoft Bulletins | high |