CVSS: 8.6EPSS: 0%CPEs: 67EXPL: 0CVE-2022-20933 – Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20933
26 Oct 2022 — A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the atta... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnESbgBf • CWE-234: Failure to Handle Missing Parameter •
CVSS: 6.5EPSS: 0%CPEs: 192EXPL: 0CVE-2020-26141 – kernel: not verifying TKIP MIC of fragmented frames
https://notcve.org/view.php?id=CVE-2020-26141
11 May 2021 — An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. Se detectó un problema en el controlador ALFA de Windows 10 versión 6.1316.1209 para AWUS036H. La implementación de Wi-Fi no verifica la Comprobación de Integridad del Mensaje (... • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-354: Improper Validation of Integrity Check Value CWE-863: Incorrect Authorization •