10 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 59EXPL: 1

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key. • https://papers.mathyvanhoef.com/usenix2023-wifi.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0006 https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc https://www.wi-fi.org/discover-wi-fi/passpoint • CWE-290: Authentication Bypass by Spoofing •

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers). Las capacidades de filtrado de red de capa 2, como la protección RA de IPv6, pueden omitirse usando encabezados LLC/SNAP con una longitud no válida y la conversión de tramas de Ethernet a Wifi (y, opcionalmente, encabezados VLAN0) • https://blog.champtar.fr/VLAN0_LLC_SNAP https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08 https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.2/1048 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-290: Authentication Bypass by Spoofing •

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers) Las capacidades de filtrado de red de capa 2, como la protección RA de IPv6, pueden omitirse usando encabezados LLC/SNAP con una longitud no válida (y, opcionalmente, encabezados VLAN0) • https://blog.champtar.fr/VLAN0_LLC_SNAP https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08 https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.1Q/10323 https://standards.ieee.org/ieee/802.2/1048 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-290: Authentication Bypass by Spoofing •

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse. Las capacidades de filtrado de red de capa 2, como la protección RA de IPv6, pueden omitirse usando combinaciones de encabezados VLAN 0, encabezados LLC/SNAP y convirtiendo tramas de Ethernet a Wifi y su inversa • https://blog.champtar.fr/VLAN0_LLC_SNAP https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08 https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.1Q/10323 https://standards.ieee.org/ieee/802.2/1048 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 4.7EPSS: 0%CPEs: 312EXPL: 1

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. Las capacidades de filtrado de la red de capa 2, como la protección IPv6 RA o la inspección ARP, pueden omitirse usando combinaciones de encabezados VLAN 0 y encabezados LLC/SNAP • https://blog.champtar.fr/VLAN0_LLC_SNAP https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08 https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.1Q/10323 https://standards.ieee.org/ieee/802.2/1048 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX • CWE-290: Authentication Bypass by Spoofing •