2020Cyberworld's assessment of CVE-2020-24587

Description

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn’t require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

Add Assessment

2020Cyberworld (7)

May 18, 2021 10:52pm UTC (3 years ago)•Edited 3 years ago

Ratings

Gives privileged access Unauthenticated

Technical Analysis

Attackers are able to sniff traffic from the incoming lan connection while using a MITM attack or a man in the browser attack. It seems more like a man in the lower attack because it will be as if two users are sending cmds to the same device at the same time. Over time what will happen is the attacker will lock down the access point, harden it then set your browser and internet access to a guest connection. You are able to login in to your router but not actually make changes.. For example I could logon to the router at 192.168.1.1 configure it then connect remotely to it and it would connect to the same port only the ip would be 162.244.6.18. The router of in use doesn’t have WIFI but has an AP controller. Anyone else come across this .please im all ears. Thanks!

See More &1 replySee Less

ccondon-r7 (286) May 20, 2021 1:23pm UTC (3 years ago)

Hi @2020Cyberworld, thanks for the detailed assessment! I see you’ve reported a few vulns as exploited in the wild—are you seeing this and the other vulns you’ve reported used in active (not pen testing) attacks?

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

2.6 Low

Impact Score:

1.4

Exploitability Score:

1.2

Vector:

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector (AV):

Adjacent_network

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

Low

Integrity (I):

None

Availability (A):

None

Vendors

Products

Weaknesses

CWE-327

Exploited in the Wild

Reported by:

2020Cyberworld indicated sources as

Threat Feed
News Article or Blog
Personally observed in an environment

Reported: May 18, 2021 10:41pm UTC (3 years ago) • Edited 3 years ago

References

Rapid7

Unknown

CVE-2020-24587

Unknown

Unknown

Required

None

Adjacent_network

CVE-2020-24587

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2020-24587

Unknown

Unknown

Required

None

Adjacent_network

CVE-2020-24587

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification