An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/05/11/12 | Mailing List Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | Third Party Advisory |
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | Third Party Advisory |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu | Third Party Advisory |
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 | Third Party Advisory |
https://www.fragattacks.com | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
History
06 Dec 2021, 13:45
Type | Values Removed | Values Added |
---|---|---|
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu - Third Party Advisory | |
References | (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 - Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf - Third Party Advisory | |
CPE | cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:arista:o-105:-:*:*:*:*:*:*:* cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:* cpe:2.3:h:arista:c-130:-:*:*:*:*:*:*:* cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:* cpe:2.3:h:arista:c-110:-:*:*:*:*:*:*:* cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:* cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:* cpe:2.3:h:arista:c-120:-:*:*:*:*:*:*:* cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_w1700_ieee_802.11ac:-:*:*:*:*:*:*:* cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:arista:w-118:-:*:*:*:*:*:*:* cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:* cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:* cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:* cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:* cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:* cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:arista:c-100:-:*:*:*:*:*:*:* |
28 Oct 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 May 2021, 19:01
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/05/11/12 - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md - Third Party Advisory | |
References | (MISC) https://www.fragattacks.com - Third Party Advisory | |
CPE | cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:* cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:* |
|
CWE | CWE-20 | |
CVSS |
v2 : v3 : |
v2 : 2.9
v3 : 5.3 |
Information
Published : 2021-05-11 20:15
Updated : 2024-02-04 21:47
NVD link : CVE-2020-26146
Mitre link : CVE-2020-26146
CVE.ORG link : CVE-2020-26146
JSON object : View
Products Affected
arista
- c-235
- c-200
- c-250_firmware
- o-105_firmware
- c-230_firmware
- c-110_firmware
- c-200_firmware
- c-110
- c-260_firmware
- c-235_firmware
- c-100
- c-65
- c-250
- w-118
- w-68_firmware
- c-120_firmware
- c-130
- o-90_firmware
- c-130_firmware
- c-260
- c-75_firmware
- o-90
- c-65_firmware
- w-118_firmware
- c-75
- w-68
- c-120
- o-105
- c-230
- c-100_firmware
siemens
- scalance_w1750d
- scalance_w700_ieee_802.11n_firmware
- scalance_w700_ieee_802.11n
- scalance_w1750d_firmware
- scalance_w1700_ieee_802.11ac_firmware
- scalance_w1700_ieee_802.11ac
samsung
- galaxy_i9305
- galaxy_i9305_firmware
CWE
CWE-20
Improper Input Validation