Home > Vulnerability Database > CVE-2020-24587

Mend.io Vulnerability Database

CVE-2020-24587

Date: May 10, 2021

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

Language: C

Severity Score

2.6

Related Resources (14)

Url: https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

Url: https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html

Url: https://www.fragattacks.com

Url: http://www.openwall.com/lists/oss-security/2021/05/11/12

Url: https://access.redhat.com/security/cve/CVE-2020-24587

Url: https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24587

Url: https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

Url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu

Url: https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

Url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html

Url: https://security-tracker.debian.org/tracker/CVE-2020-24587

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-24587

Url: https://www.mend.io/vulnerability-database/CVE-2020-24587

Severity Score

2.6

Weakness Type (CWE)

Inadequate Encryption Strength

CWE-326

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

CVSS v3.1

Base Score:	2.6
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	1.8
Access Vector (AV):	ADJACENT
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-24587

Date: May 10, 2021

Language: C

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?