Page 13 of 73 results (0.021 seconds)

CVSS: 4.3EPSS: 0%CPEs: 385EXPL: 1

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que el flag A-MSDU en el campo de encabezado QoS de texto plano esté autenticada. Contra dispositivos que admiten la recepción de tramas A-MSDU que no son SSP (que es obligatorio como parte de 802.11n), un adversario puede abusar de esto para inyectar paquetes de red arbitrarios A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. • http://www.openwall.com/lists/oss-security/2021/05/11/12 https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https: • CWE-20: Improper Input Validation CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 3.1EPSS: 0%CPEs: 338EXPL: 1

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que todos los fragmentos de una trama estén cifrados con la misma clave. Un adversario puede abusar de esto para descifrar fragmentos seleccionados cuando otro dispositivo envía tramas fragmentadas y la clave de cifrado WEP, CCMP o GCMP es periódicamente renovada A flaw was found in the Linux kernel's WiFi implementation. An attacker within the wireless range can abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments under different keys, treating them as valid. • http://www.openwall.com/lists/oss-security/2021/05/11/12 https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https://www.arista.com/en/support/advisories-notices/security-advisories/12 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0

Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Una comprobación inapropiada de la entrada en algunos productos Intel® Wireless Bluetooth® anterior a versión 21.110, puede habilitar a un usuario no autenticado para permitir potencialmente una denegación de servicio por medio de un acceso adyacente • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0

Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Una restricción de búfer inapropiada en algunos productos Intel® Wireless Bluetooth® anterior a versión 21.110, puede habilitar a un usuario no autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso adyacente A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403 https://access.redhat.com/security/cve/CVE-2020-12321 https://bugzilla.redhat.com/show_bug.cgi?id=1893914 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0

Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access. Una gestión del flujo de control insuficiente para algunos productos Intel® Wireless Bluetooth®, puede permitir a un usuario poco privilegiado habilitar potencialmente una denegación de servicio por medio del acceso adyacente • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00337.html •