Wi-Fi Security Flaw in Multiple Products by Various Vendors
CVE-2020-24588

3.5LOW

Key Information:

Vendor: Ieee
Status: Ieee 802.11; Mac80211
Vendor: CVE Published:; 11 May 2021

What is CVE-2020-24588?

The vulnerability arises from the 802.11 standard governing Wi-Fi security protocols, specifically relating to the lack of authentication for the A-MSDU flag in the plaintext QoS header field. This oversight may leave devices open to exploitation by adversaries capable of sending non-SSP A-MSDU frames, which are a requirement for 802.11n compliance. As a result, attackers can inject arbitrary network packets into communications, compromising network integrity and potentially leading to unauthorized access or data interception.

References

https://www.intel.com/content/www/us/en/security-center/a...

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisory

https://www.fragattacks.com

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2021
Vulnerability Reserved
Aug 21, 2020

Ieee

What is CVE-2020-24588?

References

CVSS V3.1

Timeline