The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn’t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

References

www.openwall.com/lists/oss-security/2021/05/11/12

github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

lists.debian.org/debian-lts-announce/2021/06/msg00019.html

lists.debian.org/debian-lts-announce/2021/06/msg00020.html

lists.debian.org/debian-lts-announce/2023/04/msg00002.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu

www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

www.fragattacks.com

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html

cve 1

ubuntucve 1

veracode 1

nessus 55

nvd 1

prion 1

debiancve 1

redhatcve 1

openvas 36

lenovo 2

hp 1

intel 1

ics 2

mageia 2

oraclelinux 6

debian 3

osv 9

checkpoint_security 1

threatpost 1

suse 4

ubuntu 7

malwarebytes 1

hackerone 1

thn 1

arista 1

cisco 1

cloudfoundry 1

slackware 1

almalinux 1

redhat 4

cve

CVE-2020-24586

2021-05-11 20:15:08

ubuntucve

CVE-2020-24586

2021-05-11 00:00:00

veracode

Packet Injection

2021-11-17 22:36:55

nessus

Cisco Multiple Products Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-24586)

2024-03-18 00:00:00

SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14764-1)

2021-07-14 00:00:00

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9406)

2021-08-10 00:00:00

nvd

CVE-2020-24586

2021-05-11 20:15:08

prion

Design/Logic Flaw

2021-05-11 20:15:00

debiancve

CVE-2020-24586

2021-05-11 20:15:08

redhatcve

CVE-2020-24586

2021-05-13 05:56:37

openvas

AVM FRITZ!Box Multiple Wi-Fi Vulnerabilities (FragAttacks)

2021-05-14 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:14764-1)

2021-07-14 00:00:00

Mageia: Security Advisory (MGASA-2021-0257)

2022-01-28 00:00:00

lenovo

Intel® PROSet and Wireless WiFi, Intel vPro® CSME WiFi, and Intel® Killer™ WiFi Advisory - Lenovo Support NL

2021-05-11 20:39:26

Aggregation and Fragmentation Attacks against Wi-Fi (FragAttacks) Vulnerabilities - Lenovo Support NL

2021-06-07 20:37:01

Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi May 2021 Security Updates

2021-05-14 00:00:00

intel

Intel® PROSet/Wireless WiFi , Intel vPro® CSME WiFi and Killer™ WiFi Advisory Advisory

2021-05-11 00:00:00

ics

Mitsubishi Electric GT25-WLAN (Update A)

2022-05-12 12:00:00

Hitachi ABB Power Grids TropOS

2021-08-24 12:00:00

mageia

Updated kernel packages fix security vulnerabilities

2021-06-14 00:32:39

Updated kernel-linus packages fix security vulnerabilities

2021-06-14 00:32:39

oraclelinux

Unbreakable Enterprise kernel security update

2021-08-10 00:00:00

Unbreakable Enterprise kernel-container security update

2021-08-10 00:00:00

Unbreakable Enterprise kernel security update

2021-09-21 00:00:00

debian

[SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)

2023-04-01 20:16:41

[SECURITY] [DLA 2690-1] linux-4.19 security update

2021-06-23 00:05:06

[SECURITY] [DLA 2689-1] linux security update

2021-06-23 00:11:57

osv

firmware-nonfree - security update

2023-04-01 00:00:00

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

2021-07-20 22:11:51

linux-oem-5.10 vulnerabilities

2021-06-23 03:45:22

checkpoint_security

Check Point Response to Wi-Fi FragAttacks in Quantum Spark appliances

2021-06-09 23:24:30

threatpost

‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices

2021-05-12 15:48:05

suse

Security update for the Linux Kernel (important)

2021-07-01 00:00:00

Security update for the Linux Kernel (important)

2021-06-06 00:00:00

Security update for the Linux Kernel (important)

2021-07-11 00:00:00

ubuntu

Linux kernel vulnerabilities

2021-07-20 00:00:00

Linux kernel (KVM) vulnerabilities

2021-06-25 00:00:00

Linux kernel (OEM) vulnerabilities

2021-06-23 00:00:00

malwarebytes

FragAttack: New Wi-Fi vulnerabilities that affect… basically everything

2021-05-12 17:31:21

hackerone

Internet Bug Bounty: Fragmentation and Aggregation Flaws in Wi-Fi

2021-06-19 21:24:25

thn

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks

2021-05-12 13:07:00

arista

Security Advisory 0063

2021-05-25 00:00:00

cisco

Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021

2021-05-11 18:00:00

cloudfoundry

USN-5000-1: Linux kernel vulnerabilities | Cloud Foundry

2021-07-08 00:00:00

slackware

[slackware-security] Slackware 14.2 kernel

2021-07-21 05:44:30

almalinux

Moderate: kernel security, bug fix, and enhancement update

2021-11-09 09:08:02

redhat

(RHSA-2021:4140) Moderate: kernel-rt security and bug fix update

2021-11-09 08:21:02

(RHSA-2021:4356) Moderate: kernel security, bug fix, and enhancement update

2021-11-09 09:08:02

(RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10)

2021-12-14 21:31:08

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.0%

JSON

Related for CVELIST:CVE-2020-24586