CVE-2020-26146

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.

CVSS v3.0 5.3 MEDIUM
CVSS v2.0 2.9 LOW

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 5.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.fragattacks.com	Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md	Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/11/12	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu	Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-120:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-130:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-100:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-110:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:o-105:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:w-118:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w1700_ieee_802.11ac:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*

Information

Published : 2021-05-11 13:15

Updated : 2021-12-06 05:45

NVD link : CVE-2020-26146

Mitre link : CVE-2020-26146

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

arista

w-118_firmware
c-130
c-75
o-105
c-120
w-68_firmware
o-105_firmware
c-65_firmware
w-68
c-250
c-110
o-90
c-250_firmware
w-118
c-130_firmware
c-235
c-100
c-260
c-65
c-235_firmware
c-110_firmware
c-260_firmware
c-200_firmware
c-230_firmware
c-230
c-75_firmware
c-120_firmware
c-200
c-100_firmware
o-90_firmware

siemens

scalance_w1700_ieee_802.11ac
scalance_w1750d_firmware
scalance_w1700_ieee_802.11ac_firmware
scalance_w700_ieee_802.11n
scalance_w1750d
scalance_w700_ieee_802.11n_firmware

samsung

galaxy_i9305_firmware
galaxy_i9305

5.3 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.9 /10

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-26146

5.3^/10

2.9^/10

Attach tags to `CVE-2020-26146`