CVE-2020-26139

Sažetak

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.

Reference

https://www.fragattacks.com
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
http://www.openwall.com/lists/oss-security/2021/05/11/12
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

CVSS

Base:	2.9
Impact:	2.9
Exploitability:	5.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:A/AC:M/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

30-09-2022 - 03:03

Objavljeno

11-05-2021 - 20:15