Cyber Resilience

CVE-2020-24586

Low · Public PoC

Published: 11 May 2021

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 3.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
EPSS Score: 0.0146 (81.3rd percentile)
Risk Priority: 8 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-24586 is a low-severity vulnerability of unspecified weakness type in the Linux kernel. Its CVSS base score is 3.5 (Low).

Operationally, it ranks in the top 18.7% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Version
ieee · ieee 802.11 · all versions
debian · debian linux · 9.0
linux · mac80211 · all versions
arista · c-250 firmware · ≤ 10.0.1-31
arista · c-260 firmware · ≤ 10.0.1-31
arista · c-230 firmware · ≤ 10.0.1-31
arista · c-235 firmware · ≤ 10.0.1-31
arista · c-200 firmware · ≤ 11.0.0-36
intel · ax210 firmware · ≤ 22.30.0.11
intel · ax201 firmware · ≤ 22.30.0.11
+14 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References