CVE-2020-24587
published 2021-05-11

Priority P415 low 2.6 CVSS 3.1
AV:A / AC:H / PR:N / UI:R / S:U / C:L / I:N / A:N
EPSS 2.59% (83.4th percentile)

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

Affected

33 ranges · showing 25

Vendor | Product | Version range | Fixed in
debian | debian_linux | |
debian | firmware-nonfree | < firmware-nonfree 20210818-1 (bookworm) | firmware-nonfree 20210818-1 (bookworm)
debian | linux | < firmware-nonfree 20210818-1 (bookworm) | firmware-nonfree 20210818-1 (bookworm)
google | android | |
linux | linux_kernel | >= 0 < 5.10.46-1 | 5.10.46-1
linux | linux_kernel | >= 0 < 5.10.46-1 | 5.10.46-1
linux | linux_kernel | >= 0 < 5.10.46-1 | 5.10.46-1
linux | linux_kernel | >= 0 < 5.10.46-1 | 5.10.46-1
linux | linux_kernel | >= 0 < 4.15.0-151.157 | 4.15.0-151.157
linux | linux_kernel | >= 0 < 5.4.0-77.86 | 5.4.0-77.86
linux | linux_kernel | >= 4.14 < 4.14.235 | 4.14.235
linux | linux_kernel | >= 4.19 < 4.19.193 | 4.19.193
linux | linux_kernel | >= 4.4 < 4.4.271 | 4.4.271
linux | linux_kernel | >= 4.9 < 4.9.271 | 4.9.271
linux | linux_kernel | >= 5.10 < 5.10.42 | 5.10.42
linux | linux_kernel | >= 5.12 < 5.12.9 | 5.12.9
linux | linux_kernel | >= 5.4 < 5.4.124 | 5.4.124
msrc | windows_10 | |
msrc | windows_10_version_1607 | |
msrc | windows_10_version_1803 | |
msrc | windows_10_version_1809 | |
msrc | windows_10_version_1909 | |
msrc | windows_10_version_2004 | |
msrc | windows_10_version_20h2 | |
msrc | windows_7 | |

CVSS provenance

nvd | v3.1 | 2.6 | LOW | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd | v2.0 | 1.8 | LOW | AV:A/AC:H/Au:N/C:P/I:N/A:N
osv | | 3.5 | LOW |
vendor_cisco | | 6.5 | MEDIUM |
vendor_msrc | | 6.5 | MEDIUM |
vendor_ubuntu | | 3.5 | LOW |
vendor_debian | | 2.6 | LOW |
vendor_redhat | | 2.6 | LOW |