Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021

cisco-sa-wifi-faf-22epcEWu · Medium · Published · Updated

On May 11, 2021, the research paper Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation was made public. This paper discusses 12 vulnerabilities in the 802.11 standard. One vulnerability is in the frame aggregation functionality, two vulnerabilities are in the frame fragmentation functionality, and the other nine are implementation vulnerabilities. These vulnerabilities could allow an attacker to forge encrypted frames, which could in turn enable the exfiltration of sensitive data from a targeted device. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEs: CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26142, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147
Cisco Bug IDs: CSCvx62884, CSCvx62876, CSCvx89821, CSCvx62886, CSCvx24452, CSCvx24428, CSCvx24439, CSCvx24456, CSCvx24420, CSCvx24425, CSCvx24441, CSCvx24440, CSCvx24449, CSCvy32694, CSCvy32680, CSCvx60997, CSCvx61001, CSCvx61012, CSCvx61020, CSCvx24423, CSCvy32690
CVSS Score: Base 6.5
Base 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X
Base 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X
Base 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X
Base 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Aironet Access Point Software, Cisco IP Phones with Multiplatform Firmware, Cisco TelePresence Endpoint Software (TC/CE), Cisco Webex Room Phone, Cisco Business Wireless Access Point Software, Cisco Aironet Access Point Software (IOS XE Controller)

Related Products

Product CVE Evidence
Cisco Webex Room Phone CVE-2020-26147 Cisco OpenVuln
Cisco Webex Room Phone CVE-2020-26146 Cisco OpenVuln
Cisco Webex Room Phone CVE-2020-26145 Cisco OpenVuln
Cisco Webex Room Phone CVE-2020-26144 Cisco OpenVuln
Cisco Webex Room Phone CVE-2020-26143 Cisco OpenVuln
Cisco Webex Room Phone CVE-2020-26142 Cisco OpenVuln
Cisco Webex Room Phone CVE-2020-26141 Cisco OpenVuln
Cisco Webex Room Phone CVE-2020-26140 Cisco OpenVuln
Cisco Webex Room Phone CVE-2020-26139 Cisco OpenVuln
Cisco Webex Room Phone CVE-2020-24588 Cisco OpenVuln
Cisco Webex Room Phone CVE-2020-24587 Cisco OpenVuln
Cisco Webex Room Phone CVE-2020-24586 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-26147 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-26146 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-26145 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-26144 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-26143 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-26142 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-26141 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-26140 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-26139 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-24588 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-24587 Cisco OpenVuln
Cisco TelePresence Endpoint Software (TC/CE) CVE-2020-24586 Cisco OpenVuln
Cisco TelePresence CVE-2020-26147 Cisco OpenVuln
Cisco TelePresence CVE-2020-26146 Cisco OpenVuln
Cisco TelePresence CVE-2020-26145 Cisco OpenVuln
Cisco TelePresence CVE-2020-26144 Cisco OpenVuln
Cisco TelePresence CVE-2020-26143 Cisco OpenVuln
Cisco TelePresence CVE-2020-26142 Cisco OpenVuln
Cisco TelePresence CVE-2020-26141 Cisco OpenVuln
Cisco TelePresence CVE-2020-26140 Cisco OpenVuln
Cisco TelePresence CVE-2020-26139 Cisco OpenVuln
Cisco TelePresence CVE-2020-24588 Cisco OpenVuln
Cisco TelePresence CVE-2020-24587 Cisco OpenVuln
Cisco TelePresence CVE-2020-24586 Cisco OpenVuln
Cisco IP phone CVE-2020-26147 Cisco OpenVuln
Cisco IP phone CVE-2020-26146 Cisco OpenVuln
Cisco IP phone CVE-2020-26145 Cisco OpenVuln
Cisco IP phone CVE-2020-26144 Cisco OpenVuln
Cisco IP phone CVE-2020-26143 Cisco OpenVuln
Cisco IP phone CVE-2020-26142 Cisco OpenVuln
Cisco IP phone CVE-2020-26141 Cisco OpenVuln
Cisco IP phone CVE-2020-26140 Cisco OpenVuln
Cisco IP phone CVE-2020-26139 Cisco OpenVuln
Cisco IP phone CVE-2020-24588 Cisco OpenVuln
Cisco IP phone CVE-2020-24587 Cisco OpenVuln
Cisco IP phone CVE-2020-24586 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-26147 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-26146 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-26145 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-26144 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-26143 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-26142 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-26141 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-26140 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-26139 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-24588 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-24587 Cisco OpenVuln
Cisco IP Phones with Multiplatform Firmware CVE-2020-24586 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-26147 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-26146 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-26145 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-26144 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-26143 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-26142 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-26141 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-26140 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-26139 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-24588 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-24587 Cisco OpenVuln
Cisco Business Wireless Access Point Software CVE-2020-24586 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-26147 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-26146 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-26145 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-26144 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-26143 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-26142 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-26141 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-26140 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-26139 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-24588 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-24587 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2020-24586 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-26147 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-26146 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-26145 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-26144 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-26143 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-26142 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-26141 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-26140 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-26139 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-24588 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-24587 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2020-24586 Cisco OpenVuln