CVE-2020-24587
N/A
N/A
Summary
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.fragattacks.com
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.fragattacks.com
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.