CVE-2020-24586

LOWMonitor

Published:May 11, 2021(5 years ago)

Modified:Nov 21, 2024

Adjacent NetworkNo Auth RequiredLow Complexity

Vulnerability Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Attack Characteristics

ADJACENT_NETWORKLow ComplexityNo Auth NeededUser Interaction Required

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
ieee	ieee_802.11	-	-
debian	debian_linux	-	-
linux	mac80211	-

Timeline

Published
CVE disclosed publicly
May 11, 20215 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing List
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing List

CVSS Score

v3.1

3.5/ 10.0

LOW

AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

At a Glance

Affected Products

References

ieee / ieee_802.11

https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing List

https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/...Third Party Advisory

https://www.arista.com/en/support/advisories-notices/security-advisori...Third Party Advisory

https://www.fragattacks.comExploit

https://www.intel.com/content/www/us/en/security-center/advisory/intel...Third Party Advisory

http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing List

https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing List

https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing List

https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/...Third Party Advisory

https://www.arista.com/en/support/advisories-notices/security-advisori...Third Party Advisory

https://www.fragattacks.comExploit

https://www.intel.com/content/www/us/en/security-center/advisory/intel...Third Party Advisory

CVSS v3 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability

Attack VectorAdjacent

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

Impact

ScopeUnchanged

ConfidentialityLow

IntegrityNone

AvailabilityNone

Impact Analysis

ConfidentialityLow

NoneLowHigh

IntegrityNone

NoneLowHigh

AvailabilityNone

NoneLowHigh

CVE-2020-24586

✦ Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description