CVE-2020-24586 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2020-24586?

CVE-2020-24586 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-24586?

Check the references section above for vendor advisories and patch information. Affected products include: Ieee Ieee 802.11, Debian Debian Linux, Linux Mac80211, Arista C-250 Firmware, Arista C-250.

Vulnerability Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

CVSS Score

3.5

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ieee	Ieee 802.11	All versions
Debian	Debian Linux	9.0
Linux	Mac80211	-
Arista	C-250 Firmware	< 10.0.1-31
Arista	C-250	-
Arista	C-260 Firmware	< 10.0.1-31
Arista	C-260	-
Arista	C-230 Firmware	< 10.0.1-31
Arista	C-230	-
Arista	C-235 Firmware	< 10.0.1-31
Arista	C-235	-
Arista	C-200 Firmware	< 11.0.0-36
Arista	C-200	-
Intel	Ax210 Firmware	< 22.30.0.11
Intel	Ax210	-
Intel	Ax201 Firmware	< 22.30.0.11
Intel	Ax201	-
Intel	Ax200 Firmware	< 22.30.0.11
Intel	Ax200	-
Intel	Ac 9560 Firmware	< 22.30.0.11

References

http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing ListThird Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wThird Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-sThird Party Advisory
https://www.fragattacks.comExploitThird Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing ListThird Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wThird Party Advisory

FAQ

What is CVE-2020-24586?

CVE-2020-24586 is a vulnerability with a CVSS score of 3.5 (LOW). The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting t...

How severe is CVE-2020-24586?

CVE-2020-24586 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-24586?

Check the references section above for vendor advisories and patch information. Affected products include: Ieee Ieee 802.11, Debian Debian Linux, Linux Mac80211, Arista C-250 Firmware, Arista C-250.