Fragmentation Security Weakness in Wi-Fi Standards Affecting Multiple Vendors
CVE-2020-24586

3.5LOW

Key Information:

Vendor: Ieee
Status: Ieee 802.11
Vendor: CVE Published:; 11 May 2021

What is CVE-2020-24586?

The Wi-Fi security standards, including WPA, WPA2, and WPA3, are affected by a vulnerability that arises from the handling of fragmented frames. In certain situations, upon connecting or reconnecting to a network, received fragments may remain in memory unaltered. This oversight can allow an attacker to exploit fragmented frames encrypted with WEP, CCMP, or GCMP, thereby injecting arbitrary network packets or potentially exfiltrating sensitive user data. The vulnerability underscores the importance of secure memory management practices in network environments.

References

https://www.intel.com/content/www/us/en/security-center/a...

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisory

https://www.fragattacks.com

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2021
Vulnerability Reserved
Aug 21, 2020

CVE-2020-24586 Data

JSON

Ieee

What is CVE-2020-24586?

References

EPSS Score

CVSS V3.1

Timeline