Published: 15/04/2023 Updated: 07/09/2023

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 0

The IEEE 802.11 specifications up to and including 802.11ax allow physically proximate malicious users to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ieee ieee 802.11
sonicwall tz670_firmware -
sonicwall tz570_firmware -
sonicwall tz570p_firmware -
sonicwall tz570w_firmware -
sonicwall tz470_firmware -
sonicwall tz470w_firmware -
sonicwall tz370_firmware -
sonicwall tz370w_firmware -
sonicwall tz270_firmware -
sonicwall tz270w_firmware -
sonicwall tz600_firmware -
sonicwall tz600p_firmware -
sonicwall tz500_firmware -
sonicwall tz500w_firmware -
sonicwall tz400_firmware -
sonicwall tz400w_firmware -
sonicwall tz350_firmware -
sonicwall tz350w_firmware -
sonicwall tz300_firmware -
sonicwall tz300p_firmware -
sonicwall tz300w_firmware -
sonicwall soho_250_firmware -
sonicwall soho_250w_firmware -
sonicwall sonicwave_231c_firmware -
sonicwall sonicwave_224w_firmware -
sonicwall sonicwave_432o_firmware -
sonicwall sonicwave_621_firmware -
sonicwall sonicwave_641_firmware -
sonicwall sonicwave_681_firmware -

Repository for the Framing Frames publication: security context and transmit queue manipulations, client isolation bypasses, and more.

Wi-Fi Framing This repository summarizes information for the 'Framing Frames' publication at USENIX Security 2023 (pdf) Furthermore, we provide proof-of-concepts implemented as test cases for the Wi-Fi Framework: Leaking Frames from the FreeBSD Queue Queueing SA Query Requests Wi-Fi Client Isolation Bypass The MacStealer repository provides a tool to test Wi-Fi n

MacStealer: Wi-Fi Client Isolation Bypass 1 Introduction This repo contains MacStealer It can test Wi-Fi networks for client isolation bypasses (CVE-2022-47522) Our attack can intercept (steal) traffic toward other clients at the MAC layer, even if clients are prevented from communicating with each other This vulnerability affects Wi-Fi networks with malicious insiders, whe

Warning: Your wireless networks may leak data thanks to Wi-Fi spec ambiguity

The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources How someone can nab buffered info, by hook or by kr00k

Ambiguity in the Wi-Fi specification has left the wireless networking stacks in various operating systems vulnerable to several attacks that have the potential to expose network traffic. The design oversight was described in a presentation this week at the 2023 Real World Crypto Symposium, in Tokyo, Japan, by Mathy Vanhoef, a professor at KU Leuven in Belgium. "Crypto" in this context stands for cryptography rather than notional currency. Vanhoef and co-authors Domien Schepers and Aanjhan Rangan...

CVE-2022-47522

Vulnerability Summary

Vulnerability Trend

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect