CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

Published: May 11, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-24588
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.5
AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 2.9
AV:A/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-327

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
ieee / ieee_802.11	-	-
microsoft / windows_server_2008	r2-sp1	r2-sp1.x
microsoft / windows_10	1607	1607.x
microsoft / windows_server_2008	--sp2	--sp2.x
microsoft / windows_7	--sp1	--sp1.x
microsoft / windows_10	1803	1803.x
microsoft / windows_10	1809	1809.x
microsoft / windows_10	1909	1909.x
microsoft / windows_10	2004	2004.x
microsoft / windows_server_2016	2004	2004.x
microsoft / windows_10	20h2	20h2.x
microsoft / windows_server_2012	--r2	--r2.x
debian / debian_linux	9.0	9.0.x
linux / linux_kernel	4.14	4.14.235
linux / linux_kernel	4.19	4.19.193
linux / linux_kernel	5.4	5.4.124
linux / linux_kernel	5.10	5.10.42
linux / linux_kernel	5.12	5.12.9
linux / linux_kernel	4.9.0	4.9.271
linux / linux_kernel	4.4.0	4.4.271

Vulnerability Database

289,571

CVE-2020-24588