CVE-2020-26142

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.fragattacks.com", "name": "https://www.fragattacks.com", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "name": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12", "name": "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", "name": "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", "tags": ["Third Party Advisory"], "refsource": "CISCO"}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-74"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-26142", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}}, "publishedDate": "2021-05-11T20:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-12-03T21:12Z"}