{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-28T14:23:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"}, {"tags": ["x_refsource_MISC"], "url": "https://www.fragattacks.com"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"}, {"name": "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26143", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"}, {"name": "https://www.fragattacks.com", "refsource": "MISC", "url": "https://www.fragattacks.com"}, {"name": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "refsource": "MISC", "url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"}, {"name": "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf"}, {"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "refsource": "MISC", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:49:07.234Z"}, "title": "CVE Program Container", "references": [{"name": "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.fragattacks.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"}, {"name": "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26143", "datePublished": "2021-05-11T19:36:38", "dateReserved": "2020-09-29T00:00:00", "dateUpdated": "2024-08-04T15:49:07.234Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:alfa:awus036h_firmware:1030.36.604:*:*:*:*:windows_10:*:*", "matchCriteriaId": "3F3BCD30-168B-451E-BA0A-B7288145ED77", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:alfa:awus036h:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF0F9200-8AFD-4100-AF39-49476298C0E3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD2A3CCF-E8B5-4E7F-BCE7-DB70E8E72B4B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EE26D5A-486B-48F3-9C1C-4EE3FD8F0234", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B9860B5-6CC7-4F29-9514-A469AF6B28F1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*", "matchCriteriaId": "41F9E4B2-63FC-4F53-9C12-7478B7B6AD48", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C890ABE-5D64-4D7F-A67B-BC026649E0B3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B617EA3-E69E-43CA-99D4-86A408C55C90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C1EF830-C210-48DB-A3F8-FC706AC5F3C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F03BB48-C89A-41F6-99DE-12FF95DCD9F2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F05D6764-79B4-4787-B2D2-E685910453C3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*", "matchCriteriaId": "880644DA-9280-4498-AD72-5CBD59CC8142", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el controlador ALFA Windows 10 versi\u00f3n 1030.36.604 para AWUS036ACH. Las implementaciones WEP, WPA, WPA2 y WPA3 aceptan tramas de texto plano fragmentados en una red Wi-Fi protegida. Un adversario puede abusar de esto para inyectar tramas de datos arbitrarias independientes de la configuraci\u00f3n de la red"}], "id": "CVE-2020-26143", "lastModified": "2024-11-21T05:19:21.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-11T20:15:08.800", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.fragattacks.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.fragattacks.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:4140", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-348.rt7.130.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2021:4356", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-348.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}], "bugzilla": {"description": "kernel: accepting fragmented plaintext frames in protected networks", "id": "1960496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960496"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-346", "details": ["An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.", "A vulnerability was found in Linux kernel, where the WiFi implementations assemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-26143", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-05-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-26143\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26143"], "threat_severity": "Moderate"}

{}