Fragmentation Security Weakness in Wi-Fi Standards Affecting Multiple Vendors
CVE-2020-24586

3.5LOW

Key Information:

Vendor

Ieee

Status
Ieee 802.11
Vendor
CVE Published:
11 May 2021

What is CVE-2020-24586?

The Wi-Fi security standards, including WPA, WPA2, and WPA3, are affected by a vulnerability that arises from the handling of fragmented frames. In certain situations, upon connecting or reconnecting to a network, received fragments may remain in memory unaltered. This oversight can allow an attacker to exploit fragmented frames encrypted with WEP, CCMP, or GCMP, thereby injecting arbitrary network packets or potentially exfiltrating sensitive user data. The vulnerability underscores the importance of secure memory management practices in network environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.intel.com/content/www/us/en/security-center/a...
https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisory
https://www.fragattacks.com

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.