CVE-2020-26143 : An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implement

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

Published 2021-05-11 20:15:09

Updated 2021-12-03 21:25:06

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validation

Exploit prediction scoring system (EPSS) score for CVE-2020-26143

Probability of exploitation activity in the next 30 days: 0.16%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 52 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-26143

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:A/AC:L/Au:N/C:N/I:P/A:N	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	2.8	3.6	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2020-26143

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-26143

https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf

Third Party Advisory

CVEs referencing this url
https://www.fragattacks.com

FragAttacks: Security flaws in all Wi-Fi devices
Third Party Advisory

CVEs referencing this url
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu

Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
Third Party Advisory

CVEs referencing this url
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md

fragattacks/SUMMARY.md at master · vanhoefm/fragattacks · GitHub
Third Party Advisory

CVEs referencing this url
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

Security Advisory 0063 - Arista
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2021/05/11/12

oss-security - various 802.11 security issues - fragattacks.com
Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2020-26143

Siemens » Scalance W700 Ieee 802.11n Firmware
cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance W700 Ieee 802.11n » Version: N/A
Arista » C-75 Firmware » Version: N/A
cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Arista » C-75 » Version: N/A
Arista » O-90 Firmware » Version: N/A
cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Arista » O-90 » Version: N/A
Arista » C-65 Firmware » Version: N/A
cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Arista » C-65 » Version: N/A
Arista » W-68 Firmware » Version: N/A
cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Arista » W-68 » Version: N/A
Alfa » Awus036h Firmware » Version: 1030.36.604 For Windows 10
cpe:2.3:o:alfa:awus036h_firmware:1030.36.604:*:*:*:*:windows_10:*:*
Matching versions
When used together with: Alfa » Awus036h » Version: N/A

Vulnerability Details : CVE-2020-26143

Exploit prediction scoring system (EPSS) score for CVE-2020-26143

CVSS scores for CVE-2020-26143

CWE ids for CVE-2020-26143

References for CVE-2020-26143

Products affected by CVE-2020-26143