Vulnerabilites related to samsung - galaxy_i9305
Vulnerability from fkie_nvd
Published
2021-05-11 20:15
Modified
2024-11-21 05:19
Severity ?
Summary
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | galaxy_i9305_firmware | 4.4.4 | |
| samsung | galaxy_i9305 | - | |
| arista | c-250_firmware | * | |
| arista | c-250 | - | |
| arista | c-260_firmware | * | |
| arista | c-260 | - | |
| arista | c-230_firmware | * | |
| arista | c-230 | - | |
| arista | c-235_firmware | * | |
| arista | c-235 | - | |
| arista | c-200_firmware | * | |
| arista | c-200 | - | |
| arista | c-120_firmware | * | |
| arista | c-120 | - | |
| arista | c-130_firmware | * | |
| arista | c-130 | - | |
| arista | c-100_firmware | * | |
| arista | c-100 | - | |
| arista | c-110_firmware | * | |
| arista | c-110 | - | |
| arista | o-105_firmware | * | |
| arista | o-105 | - | |
| arista | w-118_firmware | * | |
| arista | w-118 | - | |
| arista | c-75_firmware | - | |
| arista | c-75 | - | |
| arista | o-90_firmware | - | |
| arista | o-90 | - | |
| arista | c-65_firmware | - | |
| arista | c-65 | - | |
| arista | w-68_firmware | - | |
| arista | w-68 | - | |
| siemens | scalance_w700_ieee_802.11n_firmware | * | |
| siemens | scalance_w700_ieee_802.11n | - | |
| siemens | scalance_w1700_ieee_802.11ac_firmware | * | |
| siemens | scalance_w1700_ieee_802.11ac | - | |
| siemens | scalance_w1750d_firmware | * | |
| siemens | scalance_w1750d | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*", matchCriteriaId: "B5CFC281-DDBA-4511-A271-FCFFA337E2B9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*", matchCriteriaId: "79194A52-BFFC-448B-9032-F29D2A5971BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B22D5837-A2CC-41AB-8252-1724345AEDC5", versionEndExcluding: "10.0.1-31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*", matchCriteriaId: "EE97F0AD-8658-476A-8E22-DA67A5FD9F73", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4180BE58-3CA0-4FFD-B5BE-44E36FDE5F89", versionEndExcluding: "10.0.1-31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*", matchCriteriaId: "A006A8BD-D56E-40C2-ADD2-C11759153808", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "59BE4F3A-477A-4DE9-B293-F2AF2CCED9A3", versionEndExcluding: "10.0.1-31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*", matchCriteriaId: "29B18F4E-4968-493A-BC90-5D8D7F619F39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "96A0A5F0-B046-4B53-92BC-D21705B1597C", versionEndExcluding: "10.0.1-31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*", matchCriteriaId: "54878C0D-8842-490F-B556-76AF47A65891", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C62FEC63-9790-44DF-8AA0-050E89E883B1", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*", matchCriteriaId: "8F81C550-CE6F-4E68-A088-5EC0CEF40600", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DBABE602-480F-417B-8B5F-15312267FDF1", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-120:-:*:*:*:*:*:*:*", matchCriteriaId: "AE3EC767-2ECA-44E4-AA03-9E2673A2B2F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDF09C24-4E64-4365-994A-52001D3534B1", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-130:-:*:*:*:*:*:*:*", matchCriteriaId: "81C15C55-207E-4030-AC2A-B2E3791D92B0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "42002393-9A4C-4409-9327-896F94FC1D75", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-100:-:*:*:*:*:*:*:*", matchCriteriaId: "132AD177-3F7F-4CD7-9BD5-EE5A24CE671C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDB30A2A-BF19-4D82-A773-AFD64F2B2070", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-110:-:*:*:*:*:*:*:*", matchCriteriaId: "C4E82587-A7A1-4057-896A-F30B9DF7C831", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FED1F85B-60E5-45C7-846B-956D91ECC0A6", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:o-105:-:*:*:*:*:*:*:*", matchCriteriaId: "7A31FF47-55EE-451B-ABDD-CE82E8EFBC98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D2658DB5-4E35-4F53-A278-CFA6DD3E683F", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:w-118:-:*:*:*:*:*:*:*", matchCriteriaId: "5BEE861E-2604-42BD-ABAA-DA729F4EBDBC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AD2A3CCF-E8B5-4E7F-BCE7-DB70E8E72B4B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*", matchCriteriaId: "8EE26D5A-486B-48F3-9C1C-4EE3FD8F0234", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0B9860B5-6CC7-4F29-9514-A469AF6B28F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*", matchCriteriaId: "41F9E4B2-63FC-4F53-9C12-7478B7B6AD48", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "8C890ABE-5D64-4D7F-A67B-BC026649E0B3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*", matchCriteriaId: "6B617EA3-E69E-43CA-99D4-86A408C55C90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1C1EF830-C210-48DB-A3F8-FC706AC5F3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*", matchCriteriaId: "9F03BB48-C89A-41F6-99DE-12FF95DCD9F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F05D6764-79B4-4787-B2D2-E685910453C3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*", matchCriteriaId: "880644DA-9280-4498-AD72-5CBD59CC8142", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "180881A1-AA78-411E-B508-D4C0D7084E28", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_w1700_ieee_802.11ac:-:*:*:*:*:*:*:*", matchCriteriaId: "55CA7B83-9295-451A-9B78-832761A6BA79", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4603220-61F1-4686-B55D-F9F5D27F324A", versionEndExcluding: "8.7.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", matchCriteriaId: "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.", }, { lang: "es", value: "Se detectó un problema en los dispositivos Samsung Galaxy S3 i9305 versión 4.4.4. Las implementaciones de WPA, WPA2 y WPA3 reensamblan fragmentos con números de paquete no consecutivos. Un adversario puede abusar de esto para exfiltrar fragmentos seleccionados. Esta vulnerabilidad es explotable cuando otro dispositivo envía tramas fragmentadas y el protocolo de confidencialidad de datos WEP, CCMP o GCMP es usado. Tenga en cuenta que WEP es vulnerable a este ataque por diseño", }, ], id: "CVE-2020-26146", lastModified: "2024-11-21T05:19:22.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-11T20:15:08.907", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.fragattacks.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.fragattacks.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-11 20:15
Modified
2024-11-21 05:19
Severity ?
Summary
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/05/11/12 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | Third Party Advisory | |
| cve@mitre.org | https://www.fragattacks.com | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/05/11/12 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fragattacks.com | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*", matchCriteriaId: "B5CFC281-DDBA-4511-A271-FCFFA337E2B9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*", matchCriteriaId: "79194A52-BFFC-448B-9032-F29D2A5971BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5763-1al00-7da0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C148549-31FC-48E5-860B-56364F15A9A4", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5763-1al00-7da0:-:*:*:*:*:*:*:*", matchCriteriaId: "72E99748-08CA-4515-B64B-A7696E7C9824", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5766-1ge00-7da0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B6E3450B-8B5F-4510-8D07-1D5A1BA214E1", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5766-1ge00-7da0:-:*:*:*:*:*:*:*", matchCriteriaId: "A9A76803-CFF6-4A82-A5EC-10A3946A91D3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5766-1ge00-7db0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A9D34A4-CBF4-4B78-A20D-33DB7DD3609E", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5766-1ge00-7db0:-:*:*:*:*:*:*:*", matchCriteriaId: "9AAE92C7-5197-48AA-9334-62D3E313F8AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5766-1je00-7da0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "74D91A1E-53EE-482B-A3D1-53E955DCDE2E", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5766-1je00-7da0:-:*:*:*:*:*:*:*", matchCriteriaId: "6D4F2AD0-57B4-4947-8887-9F26C47909CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5766-1ge00-7ta0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DBD0BD5B-54E2-4A29-8AFE-D4796B65FA2B", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5766-1ge00-7ta0:-:*:*:*:*:*:*:*", matchCriteriaId: "4450B377-C7C1-4225-9304-C4AC79AB7E71", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5766-1ge00-7tb0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C8852F24-7613-43AA-A91C-4665721C75DA", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5766-1ge00-7tb0:-:*:*:*:*:*:*:*", matchCriteriaId: "802CE18D-AF89-46F3-82EF-83F9590A49DA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5766-1je00-7ta0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B8040707-3EE4-48CD-BEB0-B11136EC1841", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5766-1je00-7ta0:-:*:*:*:*:*:*:*", matchCriteriaId: "BFC81171-3522-4982-BFA8-940E161AF217", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5763-1al00-3aa0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "749D2AF5-A5A4-4CBF-98C9-A3AC9C55494E", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5763-1al00-3aa0:-:*:*:*:*:*:*:*", matchCriteriaId: "E50D46EE-B0D0-4385-BF21-804CB1B9556C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5763-1al00-3da0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "05C27085-76D9-4185-A578-82B71A360731", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5763-1al00-3da0:-:*:*:*:*:*:*:*", matchCriteriaId: "781FDDBB-8DCA-4B65-8906-E78FBE3CFDA1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5766-1ge00-3da0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A705BE0-37DB-4D49-AD50-B68CFE273C0D", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5766-1ge00-3da0:-:*:*:*:*:*:*:*", matchCriteriaId: "2C591807-63DE-40DC-8E0A-083080FDC6FC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5766-1ge00-3db0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D66877F3-BA23-4FAE-8FFD-7E81332F58B6", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5766-1ge00-3db0:-:*:*:*:*:*:*:*", matchCriteriaId: "142E900D-63F3-4CC7-9E27-026B4C38A803", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:6gk5766-1je00-3da0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "800E0542-02E5-4390-9AF0-82F3DD0B2523", versionEndExcluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:6gk5766-1je00-3da0:-:*:*:*:*:*:*:*", matchCriteriaId: "420D0BD5-A206-4A3F-8978-6D0959CE4F14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.", }, { lang: "es", value: "Se detectó un problema en los dispositivos Samsung Galaxy S3 i9305 versión 4.4.4. Las implementaciones de WEP, WPA, WPA2 y WPA3 aceptan segundos fragmentos de transmisión (o posteriores) incluso cuando se envían en texto plano y los procesan como tramas completas no fragmentados. Un adversario puede abusar de esto para inyectar paquetes de red arbitrarios independientemente de la configuración de la red", }, ], id: "CVE-2020-26145", lastModified: "2024-11-21T05:19:21.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-11T20:15:08.873", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.fragattacks.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.fragattacks.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-11 20:15
Modified
2024-11-21 05:19
Severity ?
Summary
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | galaxy_i9305_firmware | 4.4.4 | |
| samsung | galaxy_i9305 | - | |
| arista | c-250_firmware | * | |
| arista | c-250 | - | |
| arista | c-260_firmware | * | |
| arista | c-260 | - | |
| arista | c-230_firmware | * | |
| arista | c-230 | - | |
| arista | c-235_firmware | * | |
| arista | c-235 | - | |
| arista | c-200_firmware | * | |
| arista | c-200 | - | |
| arista | c-120_firmware | * | |
| arista | c-120 | - | |
| arista | c-130_firmware | * | |
| arista | c-130 | - | |
| arista | c-100_firmware | * | |
| arista | c-100 | - | |
| arista | c-110_firmware | * | |
| arista | c-110 | - | |
| arista | o-105_firmware | * | |
| arista | o-105 | - | |
| arista | w-118_firmware | * | |
| arista | w-118 | - | |
| arista | c-75_firmware | - | |
| arista | c-75 | - | |
| arista | o-90_firmware | - | |
| arista | o-90 | - | |
| arista | c-65_firmware | - | |
| arista | c-65 | - | |
| arista | w-68_firmware | - | |
| arista | w-68 | - | |
| siemens | scalance_w700_ieee_802.11ax_firmware | * | |
| siemens | scalance_w700_ieee_802.11ax | - | |
| siemens | scalance_w700_ieee_802.11n_firmware | * | |
| siemens | scalance_w700_ieee_802.11n | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:samsung:galaxy_i9305_firmware:4.4.4:*:*:*:*:*:*:*", matchCriteriaId: "B5CFC281-DDBA-4511-A271-FCFFA337E2B9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:samsung:galaxy_i9305:-:*:*:*:*:*:*:*", matchCriteriaId: "79194A52-BFFC-448B-9032-F29D2A5971BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B22D5837-A2CC-41AB-8252-1724345AEDC5", versionEndExcluding: "10.0.1-31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*", matchCriteriaId: "EE97F0AD-8658-476A-8E22-DA67A5FD9F73", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4180BE58-3CA0-4FFD-B5BE-44E36FDE5F89", versionEndExcluding: "10.0.1-31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*", matchCriteriaId: "A006A8BD-D56E-40C2-ADD2-C11759153808", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "59BE4F3A-477A-4DE9-B293-F2AF2CCED9A3", versionEndExcluding: "10.0.1-31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*", matchCriteriaId: "29B18F4E-4968-493A-BC90-5D8D7F619F39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "96A0A5F0-B046-4B53-92BC-D21705B1597C", versionEndExcluding: "10.0.1-31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*", matchCriteriaId: "54878C0D-8842-490F-B556-76AF47A65891", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C62FEC63-9790-44DF-8AA0-050E89E883B1", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*", matchCriteriaId: "8F81C550-CE6F-4E68-A088-5EC0CEF40600", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-120_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DBABE602-480F-417B-8B5F-15312267FDF1", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-120:-:*:*:*:*:*:*:*", matchCriteriaId: "AE3EC767-2ECA-44E4-AA03-9E2673A2B2F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-130_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDF09C24-4E64-4365-994A-52001D3534B1", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-130:-:*:*:*:*:*:*:*", matchCriteriaId: "81C15C55-207E-4030-AC2A-B2E3791D92B0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "42002393-9A4C-4409-9327-896F94FC1D75", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-100:-:*:*:*:*:*:*:*", matchCriteriaId: "132AD177-3F7F-4CD7-9BD5-EE5A24CE671C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-110_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FDB30A2A-BF19-4D82-A773-AFD64F2B2070", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-110:-:*:*:*:*:*:*:*", matchCriteriaId: "C4E82587-A7A1-4057-896A-F30B9DF7C831", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:o-105_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FED1F85B-60E5-45C7-846B-956D91ECC0A6", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:o-105:-:*:*:*:*:*:*:*", matchCriteriaId: "7A31FF47-55EE-451B-ABDD-CE82E8EFBC98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:w-118_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D2658DB5-4E35-4F53-A278-CFA6DD3E683F", versionEndExcluding: "11.0.0-36", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:w-118:-:*:*:*:*:*:*:*", matchCriteriaId: "5BEE861E-2604-42BD-ABAA-DA729F4EBDBC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AD2A3CCF-E8B5-4E7F-BCE7-DB70E8E72B4B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*", matchCriteriaId: "8EE26D5A-486B-48F3-9C1C-4EE3FD8F0234", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0B9860B5-6CC7-4F29-9514-A469AF6B28F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*", matchCriteriaId: "41F9E4B2-63FC-4F53-9C12-7478B7B6AD48", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "8C890ABE-5D64-4D7F-A67B-BC026649E0B3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*", matchCriteriaId: "6B617EA3-E69E-43CA-99D4-86A408C55C90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1C1EF830-C210-48DB-A3F8-FC706AC5F3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*", matchCriteriaId: "9F03BB48-C89A-41F6-99DE-12FF95DCD9F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_w700_ieee_802.11ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "23DDDAEC-C0B4-4E14-9840-101B6F24DBE5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_w700_ieee_802.11ax:-:*:*:*:*:*:*:*", matchCriteriaId: "09908B6A-6655-42F0-A20B-79FFBF81937A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F05D6764-79B4-4787-B2D2-E685910453C3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*", matchCriteriaId: "880644DA-9280-4498-AD72-5CBD59CC8142", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.", }, { lang: "es", value: "Se detectó un problema en los dispositivos Samsung Galaxy S3 i9305 versión 4.4.4. Las implementaciones WEP, WPA, WPA2 y WPA3 aceptan tramas A-MSDU de texto plano siempre que los primeros 8 bytes correspondan a un encabezado RFC1042 válido (es decir, LLC/SNAP) para EAPOL. Un adversario puede abusar de esto para inyectar paquetes de red arbitrarios independientemente de la configuración de la red", }, ], id: "CVE-2020-26144", lastModified: "2024-11-21T05:19:21.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-11T20:15:08.837", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.fragattacks.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.fragattacks.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2020-26145
Vulnerability from cvelistv5
Published
2021-05-11 19:35
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.fragattacks.com | x_refsource_MISC | |
| https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/05/11/12 | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:49:07.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.fragattacks.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { name: "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-13T12:06:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.fragattacks.com", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { name: "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-26145", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.fragattacks.com", refsource: "MISC", url: "https://www.fragattacks.com", }, { name: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", refsource: "MISC", url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { name: "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-26145", datePublished: "2021-05-11T19:35:10", dateReserved: "2020-09-29T00:00:00", dateUpdated: "2024-08-04T15:49:07.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-26146
Vulnerability from cvelistv5
Published
2021-05-11 19:39
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu | vendor-advisory, x_refsource_CISCO | |
| https://www.fragattacks.com | x_refsource_MISC | |
| https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/05/11/12 | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | x_refsource_CONFIRM | |
| https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:49:07.202Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.fragattacks.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { name: "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-28T14:28:30", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", }, { tags: [ "x_refsource_MISC", ], url: "https://www.fragattacks.com", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { name: "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-26146", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", }, { name: "https://www.fragattacks.com", refsource: "MISC", url: "https://www.fragattacks.com", }, { name: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", refsource: "MISC", url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { name: "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { name: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", refsource: "MISC", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-26146", datePublished: "2021-05-11T19:39:07", dateReserved: "2020-09-29T00:00:00", dateUpdated: "2024-08-04T15:49:07.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-26144
Vulnerability from cvelistv5
Published
2021-05-11 19:33
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu | vendor-advisory, x_refsource_CISCO | |
| https://www.fragattacks.com | x_refsource_MISC | |
| https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/05/11/12 | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | x_refsource_CONFIRM | |
| https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:49:07.203Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.fragattacks.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { name: "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-28T14:25:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", }, { tags: [ "x_refsource_MISC", ], url: "https://www.fragattacks.com", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { name: "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-26144", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu", }, { name: "https://www.fragattacks.com", refsource: "MISC", url: "https://www.fragattacks.com", }, { name: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", refsource: "MISC", url: "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md", }, { name: "[oss-security] 20210511 various 802.11 security issues - fragattacks.com", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/05/11/12", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf", }, { name: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", refsource: "MISC", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-26144", datePublished: "2021-05-11T19:33:04", dateReserved: "2020-09-29T00:00:00", dateUpdated: "2024-08-04T15:49:07.203Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }