Vulnerability Name:

CVE-2020-26143 (CCN-201633)

Assigned:2020-09-29
Published:2021-05-11
Updated:2021-12-03
Summary:An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:3.3 Low (CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
6.1 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-20
CWE-346
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2020-26143

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210511 various 802.11 security issues - fragattacks.com

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf

Source: XF
Type: UNKNOWN
cisco-cve202026143-sec-bypass(201633)

Source: MISC
Type: Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

Source: CCN
Type: Cisco Security Advisory cisco-sa-wifi-faf-22epcEWu
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021

Source: CISCO
Type: Third Party Advisory
20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021

Source: MISC
Type: Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

Source: MISC
Type: Third Party Advisory
https://www.fragattacks.com

Vulnerable Configuration:Configuration 1:
  • cpe:/o:alfa:awus036h_firmware:1030.36.604:*:*:*:*:windows_10:*:*
  • AND
  • cpe:/h:alfa:awus036h:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:arista:c-75_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:arista:c-75:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:arista:o-90_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:arista:o-90:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:arista:c-65_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:arista:c-65:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:arista:w-68_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:arista:w-68:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.redhat.rhsa:def:20214140
    P
    		RHSA-2021:4140: kernel-rt security and bug fix update (Moderate)
    2021-11-09
    oval:com.redhat.rhsa:def:20214356
    P
    		RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate)
    2021-11-09
    BACK
    alfa awus036h firmware 1030.36.604
    alfa awus036h -
    arista c-75 firmware -
    arista c-75 -
    arista o-90 firmware -
    arista o-90 -
    arista c-65 firmware -
    arista c-65 -
    arista w-68 firmware -
    arista w-68 -
    siemens scalance w700 ieee 802.11n firmware *
    siemens scalance w700 ieee 802.11n -
    cisco ip conference phone 8832 -
    cisco ip phone 8861 -
    cisco ip phone 8865 -
    cisco wireless ip phone 8821 -
    cisco ip phone 6861 -