CVE Vulnerability

CVE-2020-26139

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.

2.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 5.5 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.fragattacks.com Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/11/12 Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf Patch Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:netbsd:netbsd:7.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Information

Published : 2021-05-11 08:15

Updated : 2022-09-30 03:03

NVD link : CVE-2020-26139

Mitre link : CVE-2020-26139

Products Affected

Ac 9560 Firmware

Intel

CWE
CWE-287