Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
2.9
CVSSv2

CVE-2020-26139

Published: 11/05/2021 Updated: 30/09/2022
CVSS v2 Base Score: 2.9 | Impact Score: 2.9 | Exploitability Score: 5.5
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 259
Vector: AV:A/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

netbsd netbsd 7.1

debian debian linux 9.0

arista c-100 firmware -

arista c-110 firmware -

arista c-120 firmware -

arista c-130 firmware -

arista c-200 firmware -

arista c-230 firmware -

arista c-235 firmware -

arista c-250 firmware -

arista c-260 firmware -

arista c-65 firmware -

arista c-75 firmware -

arista o-105 firmware -

arista o-90 firmware -

arista w-118 firmware -

arista w-68 firmware -

cisco 1100 firmware -

cisco 1100-4p firmware -

cisco 1100-8p firmware -

cisco 1101-4p firmware -

cisco 1109-2p firmware -

cisco 1109-4p firmware -

cisco aironet 1532 firmware -

cisco aironet 1542d firmware -

cisco aironet 1542i firmware -

cisco aironet 1552 firmware -

cisco aironet 1552h firmware -

cisco aironet 1572 firmware -

cisco aironet 1702 firmware -

cisco aironet 1800 firmware -

cisco aironet 1800i firmware -

cisco aironet 1810 firmware -

cisco aironet 1810w firmware -

cisco aironet 1815 firmware -

cisco aironet 1815i firmware -

cisco aironet 1832 firmware -

cisco aironet 1842 firmware -

cisco aironet 1852 firmware -

cisco aironet 2702 firmware -

cisco aironet 2800 firmware -

cisco aironet 2800e firmware -

cisco aironet 2800i firmware -

cisco aironet 3702 firmware -

cisco aironet 3800 firmware -

cisco aironet 3800e firmware -

cisco aironet 3800i firmware -

cisco aironet 3800p firmware -

cisco aironet 4800 firmware -

cisco aironet ap803 firmware -

cisco aironet iw3702 firmware -

cisco catalyst 9105 firmware -

cisco catalyst 9105axi firmware -

cisco catalyst 9105axw firmware -

cisco catalyst 9115 firmware -

cisco catalyst 9115 ap firmware -

cisco catalyst 9115axe firmware -

cisco catalyst 9115axi firmware -

cisco catalyst 9117 firmware -

cisco catalyst 9117 ap firmware -

cisco catalyst 9117axi firmware -

cisco catalyst 9120 firmware -

cisco catalyst 9120 ap firmware -

cisco catalyst 9120axe firmware -

cisco catalyst 9120axi firmware -

cisco catalyst 9120axp firmware -

cisco catalyst 9124 firmware -

cisco catalyst 9124axd firmware -

cisco catalyst 9124axi firmware -

cisco catalyst 9130 firmware -

cisco catalyst 9130 ap firmware -

cisco catalyst 9130axe firmware -

cisco catalyst 9130axi firmware -

cisco catalyst iw6300 firmware -

cisco catalyst iw6300 ac firmware -

cisco catalyst iw6300 dc firmware -

cisco catalyst iw6300 dcw firmware -

cisco esw6300 firmware -

cisco ip phone 6861 firmware -

cisco ip phone 8821 firmware -

cisco ip phone 8832 firmware -

cisco ip phone 8861 firmware -

cisco ip phone 8865 firmware -

cisco ir829-2lte-ea-ak9 firmware -

cisco ir829-2lte-ea-bk9 firmware -

cisco ir829-2lte-ea-ek9 firmware -

cisco ir829gw-lte-ga-ck9 firmware -

cisco ir829gw-lte-ga-ek9 firmware -

cisco ir829gw-lte-ga-sk9 firmware -

cisco ir829gw-lte-ga-zk9 firmware -

cisco ir829gw-lte-na-ak9 firmware -

cisco ir829gw-lte-vz-ak9 firmware -

cisco meraki gr10 firmware -

cisco meraki gr60 firmware -

cisco meraki mr12 firmware -

cisco meraki mr20 firmware -

cisco meraki mr26 firmware -

cisco meraki mr30h firmware -

cisco meraki mr32 firmware -

cisco meraki mr33 firmware -

cisco meraki mr34 firmware -

cisco meraki mr36 firmware -

cisco meraki mr42 firmware -

cisco meraki mr42e firmware -

cisco meraki mr44 firmware -

cisco meraki mr45 firmware -

cisco meraki mr46 firmware -

cisco meraki mr46e firmware -

cisco meraki mr52 firmware -

cisco meraki mr53 firmware -

cisco meraki mr53e firmware -

cisco meraki mr55 firmware -

cisco meraki mr56 firmware -

cisco meraki mr62 firmware -

cisco meraki mr66 firmware -

cisco meraki mr70 firmware -

cisco meraki mr72 firmware -

cisco meraki mr74 firmware -

cisco meraki mr76 firmware -

cisco meraki mr84 firmware -

cisco meraki mr86 firmware -

cisco meraki mx64w firmware -

cisco meraki mx65w firmware -

cisco meraki mx67cw firmware -

cisco meraki mx67w firmware -

cisco meraki mx68cw firmware -

cisco meraki mx68w firmware -

cisco meraki z3 firmware -

cisco meraki z3c firmware -

cisco webex board 55 firmware -

cisco webex board 55s firmware -

cisco webex board 70 firmware -

cisco webex board 70s firmware -

cisco webex board 85s firmware -

cisco webex dx70 firmware -

cisco webex dx80 firmware -

cisco webex room 55 firmware -

cisco webex room 55 dual firmware -

cisco webex room 70 firmware -

cisco webex room 70 dual firmware -

cisco webex room 70 dual g2 firmware -

cisco webex room 70 single firmware -

cisco webex room 70 single g2 firmware -

cisco webex room kit firmware -

cisco webex room kit mini firmware -

intel ac 8260 firmware -

intel ac 8265 firmware -

intel ac 9260 firmware -

intel ac 9560 firmware -

intel killer ac 1550 firmware -

intel killer wi-fi 6 ax1650 firmware -

intel killer wi-fi 6e ax1675 firmware -

intel proset ac 3165 firmware -

intel proset ac 3168 firmware -

intel proset ac 8260 firmware -

intel proset ac 8265 firmware -

intel proset ac 9260 firmware -

intel proset ac 9461 firmware -

intel proset ac 9462 firmware -

intel proset ac 9560 firmware -

intel proset wi-fi 6 ax200 firmware -

intel proset wi-fi 6 ax201 firmware -

intel proset wi-fi 6e ax210 firmware -

intel proset wireless 7265 (rev d) firmware -

intel wi-fi 6 ax200 firmware -

intel wi-fi 6 ax201 firmware -

Vendor Advisories

Ubuntu Security Notice: USN-5343-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-004
A flaw was found in the Linux kernels implementation of wifi fragmentation handling An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device (CVE-2020-24586) A flaw was found in the Linux kernel ...
Amazon Linux 2: ALAS2KERNEL-5.10-2022-002
A flaw was found in the Linux kernels implementation of wifi fragmentation handling An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device (CVE-2020-24586) A flaw was found in the Linux kernel ...
Cisco: Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
On May 11, 2021, the research paper Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation was made public This paper discusses 12 vulnerabilities in the 80211 standard One vulnerability is in the frame aggregation functionality, two vulnerabilities are in the frame fragmentation functionality, and the other nine are impl ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-1879 linux 5122arch1-1 Medium Vulnerable ...

ICS Advisories

Siemens SCALANCE FragAttacks

Mailing Lists

Full Disclosure: various 802.11 security issues - fragattacks.com
Hi, Several security issues in the 80211 implementations were found by Mathy Vanhoef (New York University Abu Dhabi), who has published all the details at papersmathyvanhoefcom/usenix2021pdf and wwwfragattackscom/ For Linux, we've developed the set of patches posted here: lorekernelorg/linux-wi ...

References

CWE-287https://www.fragattacks.comhttps://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdhttp://www.openwall.com/lists/oss-security/2021/05/11/12https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlhttps://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWuhttps://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5343-1https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflowtype confusionserver-side request forgeryCVE-2024-38440CVE-2024-27801CVE-2024-5868CVE-2024-0582CVE-2024-37643CVE-2024-3105
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook