CVE-2020-26142 - Vulnerability Details - OpenCVE

An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openbsd	Openbsd

Configuration 1 [-]

cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2021/05/11/12
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
https://nvd.nist.gov/vuln/detail/CVE-2020-26142
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
https://www.cve.org/CVERecord?id=CVE-2020-26142
https://www.fragattacks.com

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-11T19:41:14

Updated: 2024-08-04T15:49:07.153Z

Reserved: 2020-09-29T00:00:00

Link: CVE-2020-26142

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-11T20:15:08.760

Modified: 2024-11-21T05:19:21.237

Link: CVE-2020-26142

Redhat

Severity : Moderate

Publid Date: 2021-05-11T00:00:00Z

Links: CVE-2020-26142 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-28T14:22:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"}, {"tags": ["x_refsource_MISC"], "url": "https://www.fragattacks.com"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"}, {"name": "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"}, {"tags": ["x_refsource_MISC"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26142", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"}, {"name": "https://www.fragattacks.com", "refsource": "MISC", "url": "https://www.fragattacks.com"}, {"name": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "refsource": "MISC", "url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"}, {"name": "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"}, {"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "refsource": "MISC", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:49:07.153Z"}, "title": "CVE Program Container", "references": [{"name": "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.fragattacks.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"}, {"name": "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26142", "datePublished": "2021-05-11T19:41:14", "dateReserved": "2020-09-29T00:00:00", "dateUpdated": "2024-08-04T15:49:07.153Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "0E0CC007-1428-4683-A196-3544F1C9CC92", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el kernel en OpenBSD versi\u00f3n 6.6. Las implementaciones WEP, WPA, WPA2 y WPA3 tratan las tramas fragmentadas como tramas completas. Un adversario puede abusar de esto para inyectar paquetes de red arbitrarios, independientemente de la configuraci\u00f3n de la red"}], "id": "CVE-2020-26142", "lastModified": "2024-11-21T05:19:21.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-11T20:15:08.760", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.fragattacks.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.fragattacks.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: processing fragmented frames as full frames", "id": "1960494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960494"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "details": ["An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.", "A flaw was found in the Linux kernel, where the WiFi implementations treat fragmented frames as full frames. This flaw allows an attacker to inject arbitrary network packets independent of the network configuration. The highest threat from this vulnerability is to integrity."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-26142", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2021-05-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-26142\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26142"], "threat_severity": "Moderate"}