CVE-2020-26139 — Improper Authentication in Netbsd
Severity
5.3MEDIUMNVD
OSV7.8OSV3.5
EPSS
2.3%
top 15.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 11
Latest updateMay 24
Description
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
CVSS vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6
Affected Packages4 packages
Also affects: Netbsd 7.1, Debian Linux 9.0
Patches
🔴Vulnerability Details
8OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2021-07-20