CVE-2020-26142 Information

Description

An issue was discovered in the kernel in OpenBSD 6.6. The WEP WPA WPA2 and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Reference

https://www.fragattacks.com https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md http://www.openwall.com/lists/oss-security/2021/05/11/12 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

5.3