CVSS: 6.5EPSS: 0%CPEs: 192EXPL: 0CVE-2020-26141 – kernel: not verifying TKIP MIC of fragmented frames
https://notcve.org/view.php?id=CVE-2020-26141
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. Se detectó un problema en el controlador ALFA de Windows 10 versión 6.1316.1209 para AWUS036H. La implementación de Wi-Fi no verifica la Comprobación de Integridad del Mensaje (autenticidad) de las tramas TKIP fragmentadas. • http://www.openwall.com/lists/oss-security/2021/05/11/12 https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 https://www.fragattacks.com https://access.redhat.com/security/cve/CVE-2020-26141 https://bugzilla.redhat.com/show&# • CWE-354: Improper Validation of Integrity Check Value CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 54EXPL: 0CVE-2020-3111 – Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3111
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. • http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos • CWE-20: Improper Input Validation •