CVE-2020-26147

Published: 11/05/2021 Updated: 12/07/2022

CVSS v2 Base Score: 3.2 | Impact Score: 4.9 | Exploitability Score: 3.2

CVSS v3 Base Score: 5.4 | Impact Score: 4.2 | Exploitability Score: 1.2

VMScore: 286

Vector: AV:A/AC:H/Au:N/C:P/I:P/A:N

An issue exists in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
debian debian linux 9.0
arista c-75 firmware -
arista o-90 firmware -
arista c-65 firmware -
arista w-68 firmware -
siemens scalance w700 ieee 802.11n firmware
siemens scalance w1700 ieee 802.11ac firmware

Several security issues were fixed in the Linux kernel ...

A flaw was found in the Linux kernels implementation of wifi fragmentation handling An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device (CVE-2020-24586) A flaw was found in the Linux kernel ...

On May 11, 2021, the research paper Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation was made public This paper discusses 12 vulnerabilities in the 80211 standard One vulnerability is in the frame aggregation functionality, two vulnerabilities are in the frame fragmentation functionality, and the other nine are impl ...

Severity Unknown Remote Unknown Type Unknown Description AVG-1879 linux 5122arch1-1 Medium Vulnerable ...

Hi, Several security issues in the 80211 implementations were found by Mathy Vanhoef (New York University Abu Dhabi), who has published all the details at papersmathyvanhoefcom/usenix2021pdf and wwwfragattackscom/ For Linux, we've developed the set of patches posted here: lorekernelorg/linux-wi ...

NVD-CWE-Other https://www.fragattacks.com https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md http://www.openwall.com/lists/oss-security/2021/05/11/12 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 https://nvd.nist.gov https://ubuntu.com/security/notices/USN-5343-1 https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-04

CVE-2020-26147

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect