Access Control Weakness in NetBSD Kernel Affecting Network Security
CVE-2020-26139

5.3MEDIUM

Key Information:

Vendor

Netbsd

Status
Netbsd
Vendor
CVE Published:
11 May 2021

What is CVE-2020-26139?

An issue exists in the NetBSD kernel where Access Points (APs) forward EAPOL frames to other clients before the sender has authenticated. This flaw can be exploited in Wi-Fi networks, potentially leading to denial-of-service attacks against connected devices and facilitating the exploitation of additional vulnerabilities.

References

https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO
https://www.fragattacks.com
x_refsource_MISC
https://github.com/vanhoefm/fragattacks/blob/master/SUMMA...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.