CVE-2020-24587

CVE Database · CVE-2020-24587

CVE-2020-24587

· LOWModified

CVSS v3.1

2.6

EPSS

2.59%

Published

May 11, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-327

Affected Products (338)

ieee · ieee_802.11vulnerable

linux · mac80211vulnerable

debian · debian_linuxvulnerable

arista · c-100_firmwarevulnerable

arista · c-100

arista · c-110_firmwarevulnerable

arista · c-110