Home

CVE-2020-26142

Description

An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
1.53

Associated Vulnerability

VulnerabilityOS Platform
Kernel-uek update (ELSA-2021-9459) kernel-uek-4.1.12-124.54.6.1.el7uek.x86_64.rpmLinux
Kernel-uek-debug update (ELSA-2021-9459) kernel-uek-debug-4.1.12-124.54.6.1.el7uek.x86_64.rpmLinux
Kernel-uek-debug-devel update (ELSA-2021-9459) kernel-uek-debug-devel-4.1.12-124.54.6.1.el7uek.x86_64.rpmLinux
Kernel-uek-devel update (ELSA-2021-9459) kernel-uek-devel-4.1.12-124.54.6.1.el7uek.x86_64.rpmLinux
Kernel-uek-doc update (ELSA-2021-9459) kernel-uek-doc-4.1.12-124.54.6.1.el7uek.noarch.rpmLinux
Kernel-uek-firmware update (ELSA-2021-9459) kernel-uek-firmware-4.1.12-124.54.6.1.el7uek.noarch.rpmLinux
Kernel-uek update (ELSA-2021-9473) kernel-uek-4.1.12-124.56.1.el7uek.x86_64.rpmLinux
Kernel-uek-debug update (ELSA-2021-9473) kernel-uek-debug-4.1.12-124.56.1.el7uek.x86_64.rpmLinux
Kernel-uek-debug-devel update (ELSA-2021-9473) kernel-uek-debug-devel-4.1.12-124.56.1.el7uek.x86_64.rpmLinux
Kernel-uek-devel update (ELSA-2021-9473) kernel-uek-devel-4.1.12-124.56.1.el7uek.x86_64.rpmLinux
Kernel-uek-doc update (ELSA-2021-9473) kernel-uek-doc-4.1.12-124.56.1.el7uek.noarch.rpmLinux
Kernel-uek-firmware update (ELSA-2021-9473) kernel-uek-firmware-4.1.12-124.56.1.el7uek.noarch.rpmLinux
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Aironet 1850 Series Access PointsNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco IP Phone 8800 SeriesNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco IP Phone 8800 Series with Multiplatform FirmwareNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Telepresence Integrator C SeriesNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco SIP IP Phone SoftwareNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Aironet 1550 SeriesNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Aironet 3600 SeriesNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Aironet 1600 SeriesNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Aironet 1530 SeriesNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Aironet 700 Series Access PointsNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Aironet 3700 Series Access PointsNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Aironet 700W Series Access PointsNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Aironet 1570 SeriesNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Aironet 1700 Series Access PointsNCM
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 For Cisco Industrial Wireless 3700 SeriesNCM
Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability (CVE-2020-26142)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1705928Security Update for Cisco Aironet 1850 Series Access Points 8.3(15.136)
PATCH-1705974Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2
PATCH-1705298Security Update for Cisco IP Phone 8800 Series with Multiplatform Firmware 11.3(3)MPP1.377
PATCH-1706043Security Update for Cisco Telepresence Integrator C Series 9.1.1
PATCH-1705918Security Update for Cisco SIP IP Phone Software 11.7(1)MN19
PATCH-1705319Security Update for Cisco Aironet 1550 Series ap-17.7.0.47
PATCH-1705320Security Update for Cisco Aironet 3600 Series ap-17.7.0.47
PATCH-1705321Security Update for Cisco Aironet 1600 Series ap-17.7.0.47
PATCH-1705322Security Update for Cisco Aironet 1530 Series ap-17.7.0.47
PATCH-1705323Security Update for Cisco Aironet 700 Series Access Points ap-17.7.0.47
PATCH-1705527Security Update for Cisco Aironet 3700 Series Access Points 7.5(102.0)
PATCH-1705325Security Update for Cisco Aironet 700W Series Access Points ap-17.7.0.47
PATCH-1705326Security Update for Cisco Aironet 1570 Series ap-17.7.0.47
PATCH-1705327Security Update for Cisco Aironet 1700 Series Access Points ap-17.7.0.47
PATCH-1705328Security Update for Cisco Industrial Wireless 3700 Series ap-17.7.0.47

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234