CVE-2020-12638 Information

Description

An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2 ESP8266_NONOS_SDK devices through 3.0.3 and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN effectively disabling its 802.11 encryption.

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Reference

https://github.com/espressif/ESP8266_NONOS_SDK https://github.com/espressif/ESP8266_RTOS_SDK https://github.com/espressif/esp-idf https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.8