CVE-2020-26146
Description
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Arch Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | โ |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| samsung | galaxy_i9305 | - | |
| arista | c-250 | - | |
| arista | c-260 | - | |
| arista | c-230 | - | |
| arista | c-235 | - | |
| arista | c-200 | - | |
| arista | c-120 | - | |
| arista | c-130 | - | |
| arista | c-100 | - | |
| arista | c-110 | - | |
| arista | o-105 | - | |
| arista | w-118 | - | |
| arista | c-75 | - | |
| arista | o-90 | - | |
| arista | c-65 | - | |
| arista | w-68 | - | |
| siemens | scalance_w700_ieee_802.11n | - | |
| siemens | scalance_w1700_ieee_802.11ac | - | |
| siemens | scalance_w1750d | - | |
References
- https://www.suse.com/security/cve/CVE-2020-26146.html
- https://errata.almalinux.org/8/ALSA-2021-4356.html
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://cert-portal.siemens.com/productcert/html/ssa-019200.html
- https://cert-portal.siemens.com/productcert/html/ssa-913875.html
CWEs
CWE-20
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.