Vulnerability Name:

CVE-2020-26144 (CCN-200791)

Assigned:2020-09-29
Published:2021-05-11
Updated:2021-12-04
Summary:An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:3.3 Low (CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
6.1 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-20
CWE-290
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-26144

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210511 various 802.11 security issues - fragattacks.com

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf

Source: XF
Type: UNKNOWN
ms-windows-cve202026144-spoofing(200791)

Source: MISC
Type: Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

Source: CCN
Type: Microsoft Security TechCenter - May 2021
Windows Wireless Networking Spoofing Vulnerability

Source: CCN
Type: Cisco Security Advisory cisco-sa-wifi-faf-22epcEWu
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021

Source: CISCO
Type: Third Party Advisory
20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021

Source: MISC
Type: Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

Source: MISC
Type: Third Party Advisory
https://www.fragattacks.com

Vulnerable Configuration:Configuration 1:
  • cpe:/o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*
  • AND
  • cpe:/h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:arista:c-250_firmware:*:*:*:*:*:*:*:* (Version < 10.0.1-31)
  • AND
  • cpe:/h:arista:c-250:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:arista:c-260_firmware:*:*:*:*:*:*:*:* (Version < 10.0.1-31)
  • AND
  • cpe:/h:arista:c-260:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:arista:c-230_firmware:*:*:*:*:*:*:*:* (Version < 10.0.1-31)
  • AND
  • cpe:/h:arista:c-230:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:arista:c-235_firmware:*:*:*:*:*:*:*:* (Version < 10.0.1-31)
  • AND
  • cpe:/h:arista:c-235:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:arista:c-200_firmware:*:*:*:*:*:*:*:* (Version < 11.0.0-36)
  • AND
  • cpe:/h:arista:c-200:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:arista:c-120_firmware:*:*:*:*:*:*:*:* (Version < 11.0.0-36)
  • AND
  • cpe:/h:arista:c-120:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:arista:c-130_firmware:*:*:*:*:*:*:*:* (Version < 11.0.0-36)
  • AND
  • cpe:/h:arista:c-130:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:arista:c-100_firmware:*:*:*:*:*:*:*:* (Version < 11.0.0-36)
  • AND
  • cpe:/h:arista:c-100:-:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/o:arista:c-110_firmware:*:*:*:*:*:*:*:* (Version < 11.0.0-36)
  • AND
  • cpe:/h:arista:c-110:-:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/o:arista:o-105_firmware:*:*:*:*:*:*:*:* (Version < 11.0.0-36)
  • AND
  • cpe:/h:arista:o-105:-:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/o:arista:w-118_firmware:*:*:*:*:*:*:*:* (Version < 11.0.0-36)
  • AND
  • cpe:/h:arista:w-118:-:*:*:*:*:*:*:*

  • Configuration 13:
  • cpe:/o:arista:c-75_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:arista:c-75:-:*:*:*:*:*:*:*

  • Configuration 14:
  • cpe:/o:arista:o-90_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:arista:o-90:-:*:*:*:*:*:*:*

  • Configuration 15:
  • cpe:/o:arista:c-65_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:arista:c-65:-:*:*:*:*:*:*:*

  • Configuration 16:
  • cpe:/o:arista:w-68_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:arista:w-68:-:*:*:*:*:*:*:*

  • Configuration 17:
  • cpe:/o:siemens:scalance_w700_ieee_802.11ax_firmware:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:scalance_w700_ieee_802.11ax:-:*:*:*:*:*:*:*

  • Configuration 18:
  • cpe:/o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:*
  • OR cpe:/o:microsoft:windows_7::sp1:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*
  • OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_10:::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:arm64:*
  • OR cpe:/o:microsoft:windows_10:1809::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_10:1809:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_10:1803:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_10:1803::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*
  • OR cpe:/o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*
  • OR cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_10:1607::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_10:2004:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_10_2004:-:*:*:*:*:*:arm64:*
  • OR cpe:/o:microsoft:windows_10_2004:-:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_10:1909:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_10_1909:-:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_10_1909:-:*:*:*:*:*:arm64:*
  • OR cpe:/o:microsoft:windows_10:20h2:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_10_20h2:-:*:*:*:*:*:arm64:*
  • OR cpe:/o:microsoft:windows_10_20h2:-:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server:1909:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server:2004:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server:20h2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.redhat.rhsa:def:20214140
    P
    RHSA-2021:4140: kernel-rt security and bug fix update (Moderate)
    2021-11-09
    oval:com.redhat.rhsa:def:20214356
    P
    RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate)
    2021-11-09
    BACK
    samsung galaxy i9305 firmware 4.4.4
    samsung galaxy i9305 -
    arista c-250 firmware *
    arista c-250 -
    arista c-260 firmware *
    arista c-260 -
    arista c-230 firmware *
    arista c-230 -
    arista c-235 firmware *
    arista c-235 -
    arista c-200 firmware *
    arista c-200 -
    arista c-120 firmware *
    arista c-120 -
    arista c-130 firmware *
    arista c-130 -
    arista c-100 firmware *
    arista c-100 -
    arista c-110 firmware *
    arista c-110 -
    arista o-105 firmware *
    arista o-105 -
    arista w-118 firmware *
    arista w-118 -
    arista c-75 firmware -
    arista c-75 -
    arista o-90 firmware -
    arista o-90 -
    arista c-65 firmware -
    arista c-65 -
    arista w-68 firmware -
    arista w-68 -
    siemens scalance w700 ieee 802.11ax firmware *
    siemens scalance w700 ieee 802.11ax -
    siemens scalance w700 ieee 802.11n firmware *
    siemens scalance w700 ieee 802.11n -
    microsoft windows server 2008 sp2
    microsoft windows server 2008 - sp2
    microsoft windows 7 - sp1
    microsoft windows 7 sp1
    microsoft windows server 2008 r2
    microsoft windows server 2012
    microsoft windows 8.1 - -
    microsoft windows 8.1
    microsoft windows server 2012 r2
    microsoft windows rt 8.1 -
    microsoft windows 10 -
    microsoft windows 10
    microsoft windows server 2016
    microsoft windows server 2019 -
    microsoft windows 10 -
    microsoft windows 10 1809
    microsoft windows 10 1809
    microsoft windows 10 1803
    microsoft windows 10 1803
    microsoft windows 10 1803
    microsoft windows 10 1809
    microsoft windows 10 1607
    microsoft windows 10 1607
    microsoft windows 10 2004
    microsoft windows 10 2004
    microsoft windows 10 2004
    microsoft windows 10 1909
    microsoft windows 10 1909
    microsoft windows 10 1909
    microsoft windows 10 20h2
    microsoft windows 10 20h2
    microsoft windows 10 20h2
    microsoft windows server 2019 -
    microsoft windows server 1909
    microsoft windows server 2004
    microsoft windows server 20h2
    microsoft windows server 2016
    microsoft windows server 2012 r2
    microsoft windows server 2012
    microsoft windows server 2008 - sp2
    microsoft windows server 2008 sp2
    microsoft windows server 2008 r2