Vulnerabilities > CVE-2020-24586

047910
CVSS 3.5 - LOW
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE

Summary

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Vulnerable Configurations

Part Description Count
Application
Ieee
1
Application
Linux
1
OS
Debian
1
OS
Arista
5
OS
Intel
33
OS
Linux
1205
Hardware
Arista
5
Hardware
Intel
15