CVE-2020-24588 — LOW (3.5) — White Hats Nepal

Vulnerability Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

CVSS Score

3.5

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Ieee	Ieee 802.11	All versions
Linux	Mac80211	-
Microsoft	Windows 10	-
Microsoft	Windows 7	-
Microsoft	Windows 8.1	-
Microsoft	Windows Rt 8.1	-
Microsoft	Windows Server 2008	-
Microsoft	Windows Server 2012	-
Microsoft	Windows Server 2016	-
Microsoft	Windows Server 2019	-
Debian	Debian Linux	9.0
Siemens	Scalance W1748-1 Firmware	-
Siemens	Scalance W1748-1	-
Siemens	Scalance W1750D Firmware	-
Siemens	Scalance W1750D	-
Siemens	Scalance W1788-1 Firmware	-
Siemens	Scalance W1788-1	-
Siemens	Scalance W1788-2 Firmware	-
Siemens	Scalance W1788-2	-
Siemens	Scalance W1788-2Ia Firmware	-

Related Weaknesses (CWE)

CWE-327

References

http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing ListThird Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfThird Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wThird Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-sThird Party Advisory
https://www.fragattacks.comExploitThird Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing ListThird Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfThird Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2020-24588?

CVE-2020-24588 is a vulnerability with a CVSS score of 3.5 (LOW). The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticat...

How severe is CVE-2020-24588?

CVE-2020-24588 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-24588?

Check the references section above for vendor advisories and patch information. Affected products include: Ieee Ieee 802.11, Linux Mac80211, Microsoft Windows 10, Microsoft Windows 7, Microsoft Windows 8.1.